Twitter accounts linked to cyberattacks against security researchers suspended

Twitter has suspended accounts belonging to a North Korean hacking group targeting security researchers. 

The social media accounts, @lagal1990 and @shiftrows13, were suspended this month after “posing as security researchers,” according to Google Threat Analysis Group (TAG) analyst Adam Weidermann, who added that the profiles “leaned on the hype of 0-days to gain followers and build credibility.”

As noted by Threatpost, another account, @lagal1990, was closed for the same reason in August.

The campaign, believed to be the work of state-sponsored North Korean cyberattackers, has been tracked by the Google TAG team over the past year. 

First documented in January 2021, the campaign includes the creation of a network of fake profiles across platforms including Twitter, LinkedIn, Keybase, and GitHub. 

The fake profiles ride on interest in exploits and zero-day bugs to establish an aura of credibility, posting content such as proof-of-concept (PoC) code and exploit techniques.

According to Weidermann, the fake accounts were found by researchers Francisco Alonso and Javier Marcos.

“We (TAG) confirmed these are directly related to the cluster of accounts we blogged about earlier this year,” Weidermann commented. “In the case of @lagal1990, they renamed a GitHub account previously owned by
