Summary: Security researchers are being targeted by attackers who distribute malware disguised as exploits for Microsoft vulnerabilities. A counterfeit proof-of-concept for LDAPNightmare runs information-stealing scripts instead of performing any legitimate security test.
Threat Actor: North Korean attackers
Victim: Alejandro Caceres
Key Points:
- Fake exploits of Microsoft vulnerabilities are being used to deliver malware.
- The counterfeit PoC replaces legitimate Python files with a malicious executable.
- Stolen data includes user PC information, process lists, and network details.
- This tactic poses significant risk because it piggybacks on trending security issues that researchers are eager to test.
- Previous attacks have targeted security researchers from major vendors.
Source: https://www.theregister.com/2025/01/09/security_pros_baited_by_fake/