Google’s Threat Analysis Group (TAG) has issued a warning that a North Korean government hacking group has been targeting security researchers working on vulnerability research and development at various organizations over the past several months.
“The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers,” Google said in a blog post.
According to the company, these threat actors established a research blog and multiple Twitter profiles to interact with potential targets, with the aim of building credibility and connecting with security researchers.
Moreover, they’ve used these Twitter profiles to post links to their blog and also to amplify and retweet posts from other accounts that they control.
“Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including ‘guest’ posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers,” the post added.
Google warned that these actors have used multiple platforms including Twitter, LinkedIn, Telegram, Discord, Keybase and email to communicate with potential targets.