This is not the first time threat actors have targeted vulnerability researchers and pentesters.
In January 2021, the North Korean Lazarus hacking group targeted vulnerability researchers through social media accounts and zero-day browser vulnerabilities.
In March 2021, North Korean hackers again targeted the infosec community by creating a fake cybersecurity company called SecuriElite (located in Turkey).
In November, the Lazarus hacking group conducted another campaign using a trojanized version of the IDA Pro reverse engineering application that installed the NukeSped remote access trojan.
By targeting the infosec community, threat actors not only gain access to vulnerability research the victim may be working on but may also gain access to a cybersecurity company's network.
As cybersecurity companies tend to have sensitive information on clients, such as vulnerability assessments, remote access credentials, or even undisclosed zero-day vulnerabilities, this type of access can be very valuable to a threat actor.