North Koreans using new zero-day to target security researchers

A North Korean state-sponsored cyber group is exploiting an unpatched zero-day vulnerability to target cybersecurity researchers, according to Google’s Threat Analysis Group. This new campaign uses complex social engineering tactics and a malicious software tool called GetSymbol. Experts warn that cyber threat researchers are increasingly being targeted as their systems often have relaxed security controls, enabling threat attackers to gain footholds outside corporate environments.