North Koreans using new zero-day to target security researchers

North Korean state-sponsored hackers are using undisclosed zero-day vulnerabilities to target cyber security researchers in a scam ongoing for nearly two years. The threat group built its credibility by pretending to be security researchers, even running a research blog and interacting with real researchers on Twitter. Google’s Threat Analysis Group (TAG) discovered the zero-day which is in the process of being patched. TAG urges security researchers to remember they could be a target and stay vigilant.