Apparently they targeted security researchers by befriending them on social media and later targeting them with zero-days. (Which ones, they don't say.)
They also put a debugging tool on GitHub called 'GetSymbol' that would be of interest to security researchers:
On the surface, this tool appears to be a useful utility for quickly and easily downloading symbol information from a number of different sources. Symbols provide additional information about a binary that can be helpful when debugging software issues or while conducting vulnerability research.
But the tool also has the ability to download and execute arbitrary code from an attacker-controlled domain. If you have downloaded or run this tool, TAG recommends taking precautions to ensure your system is in a known clean state, likely requiring a reinstall of the operating system.
More on Hacker News.
People seem to think the source code looked okay but the binary may have been backdoored, and it auto-updates.