North Korea Targets—and Dupes—a Slew of Cybersecurity Pros
One early January morning, security researcher Zuk Avraham got a nondescript direct message out of the blue on Twitter: “Hi.” It was from someone named Zhang Guo. The short, unsolicited message wasn’t too unusual; as the founder of both the threat monitoring firm ZecOps and the antivirus firm Zimperium, Avraham gets a lot of random DMs.
Zhang claimed to be a web developer and bug hunter in his Twitter bio. His profile showed that he’d created his account last June and had 690 followers, perhaps a sign that the account was credible. Avraham responded with a simple hello later that night and Zhang wrote back immediately, “Thanks for your reply. I have some questions?” He went on to express interest in Windows and Chrome vulnerabilities and to ask Avraham if he was himself a vulnerability researcher. That’s where Avraham let the conversation trail off. “I didn’t reply—I guess being busy saved me here,” he told WIRED.