Twitter Suspends Accounts Used to Snare Security Researchers
2021-10-18 16:23

As Weidemann detailed in his January analysis, the threat actors set up a "Research" blog and used the Twitter profiles to disseminate links to it in order to pull in potential targets.

The ongoing campaign targets security researchers using lures near and dear to their hearts: bugs and research.

"In each of these cases, the researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," according to the January writeup.

The security researchers who've been victimized weren't running pockmarked systems.

After Google TAG initially uncovered the campaign in January, South Korean security researchers identified that the actors were exploiting an Internet Explorer zero-day: specifically, what researchers from ENKI said was a double-free bug that occurred in the attribute value release part of the DOM object.

Google TAG hasn't yet published analysis to indicate whether the accounts had started to reach out to researchers before they were closed or whether they were still building up their reputations.


News URL

https://threatpost.com/twitter-suspends-security-researchers/175524/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Twitter 6 1 7 1 0 9