A member of Google’s Threat Analysis Group confirmed that two Twitter accounts recently shut down were part of a North Korea-backed campaign targeting security researchers.
Google reported on its blog in January that it discovered a months-long spearphishing campaign that targeted researchers focusing on discovering new software vulnerabilities. The North Korean threat actors posed as members of the research community and created various social media accounts where they interacted with legitimate researchers. The hackers even offered to collaborate on newly discovered exploits and sent researchers software code or site links with malware that compromised fully patched and updated computers.
Posting to Twitter on Oct. 15, threat analyst Adam Weirderman said the two accounts that were shut down were directly related to the spearphishing campaign reported earlier, and “leaned on the hype of 0 days to gain followers and build credibility.”
North Korean hacking groups stand out from their counterparts in Russia, China and Iran in the creativity of their hacking campaign tactics and the way they avoid using popular commercial offensive tools.
“They’re in some ways my favorite actor in cyberspace, because they’re just so incredibly innovative,” said Dmitri Alperovitch, executive chairman at the Silverado Policy Accelerator, told SC Media in May.