In a new report, Microsoft disclosed that it has been tracking multiple DPRK tactics used to target offensive security professionals. On Tuesday, when this news was first announced, a Visual Studio C# project with a malicious prebuild event was a known attack vector. Microsoft's report adds to what is known about what the attackers used to gain information.
With the DPRK targeting offensive security researchers, taking personal measures to protect oneself is more important than ever. This is especially true for people who are publicly active in research on both the offensive and defensive sides of the security industry. If a stranger sends a message offering exploits or tools that have not yet been publicly disclosed, treat it with caution. Moreover, if third-party tools such as scripts are being used in one's organization, read their source code. Take time to investigate and understand what each script is doing, and discuss the security implications with coworkers and trusted individuals.
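One way to apply that advice to the Visual Studio vector mentioned above is to list every command a project would run at build time before opening or building it. The following is an added example, not code from Microsoft's report: it reads MSBuild project files and prints the contents of their `PreBuildEvent`, `PostBuildEvent` and `PreLinkEvent` elements and `Exec` tasks for review. The function names and the sample project are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

PROJECT_SUFFIXES = {".csproj", ".vbproj", ".fsproj", ".vcxproj", ".props", ".targets"}
EVENT_ELEMENTS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}


def local_name(tag):
    """Strip the optional MSBuild XML namespace from a tag name."""
    return tag.rsplit("}", 1)[-1]


def build_commands(xml_data):
    """Return (kind, command) pairs for each build-time command in one project file."""
    found = []
    for elem in ET.fromstring(xml_data).iter():
        name = local_name(elem.tag)
        if name in EVENT_ELEMENTS:
            # C# projects keep the command as element text; C++ projects nest <Command>.
            texts = [elem.text or ""] + [c.text or "" for c in elem if local_name(c.tag) == "Command"]
            found += [(name, t.strip()) for t in texts if t.strip()]
        elif name == "Exec" and elem.get("Command"):
            found.append(("Exec", elem.get("Command").strip()))
    return found


def scan_tree(root):
    """Yield (path, kind, command) for every project file below root."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PROJECT_SUFFIXES:
            try:
                hits = build_commands(path.read_bytes())
            except ET.ParseError as exc:
                hits = [("unparseable", str(exc))]  # review these files by hand
            for kind, command in hits:
                yield str(path), kind, command


# Constructed sample project; both commands are harmless placeholders.
SAMPLE_CSPROJ = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup><PreBuildEvent>echo placeholder-prebuild</PreBuildEvent></PropertyGroup>
  <Target Name="AfterBuild"><Exec Command="echo placeholder-exec" /></Target>
</Project>"""

if __name__ == "__main__":
    for row in (scan_tree(sys.argv[1]) if len(sys.argv) > 1 else build_commands(SAMPLE_CSPROJ)):
        print(*row, sep=" | ")
```

The script only surfaces commands so they can be read. Other MSBuild features can also run code during a build, so an empty result does not show that a project is safe to build.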