Tech Hive Security Advisory Series Volume 1, Issue 2
The threat actors' posts on social media platforms such as Twitter, LinkedIn, and Telegram usually contain links to their research blogs, which feature write-ups of vulnerabilities that have already been publicly disclosed. The blogs also contain the research work of unsuspecting legitimate security researchers. Together, these make the threat actors appear credible. They then approach targeted security and vulnerability researchers and establish initial communication with them. One of the reported tactics is to propose a collaboration to the targets and send them a Visual Studio Project. Unknown to the targets, the Visual Studio Project would contain source code for exploiting vulnerabilities in their systems, along with malware that would communicate with the threat actors.