Threat Actors Targeting Cybersecurity Researchers
Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities. APT groups often use elaborate social engineering and spear phishing schemes to trick victims into running malicious code through malicious links and websites.
CISA recommends cybersecurity practitioners to guard against this specific APT activity and review the following reports for more information:
- Google – Update on campaign targeting security researchers, published March 31, 2021
- Microsoft – ZINC attacks against security researchers, published January 28, 2021
- Google – New campaign targeting security researchers, published January 25, 2021
- CISA Tip – Avoiding social engineering and phishing attacks, updated August 25, 2020
Additionally, CISA strongly encourages cybersecurity practitioners use sandbox environments that are isolated from trusted systems or networks when examining untrusted code or websites.