
DRPK Twitter Accounts Used to Dupe Security Researchers
Note: We may earn a commission from products or services when you click on a link and make a purchase.
Twitter has suspended two accounts run by attackers connected to the Democratic People’s Republic of Korea (DPRK). The accounts posted cyber security related content and were used to lure cyber security researchers to interact with them with the intention of infecting their systems.
The accounts —@lagal1990 and @shiftrows13 are now suspended. That means that no one can see the previous posts or interact with these Twitter accounts in any way.


The campaign against cyber security researchers was first reported in January by Google TAG Analysis Group. At that time, Google researchers attributed the attacks to a government-backed entity based in North Korea.
Both Twitter accounts had less than 1,000 followers. The entities also created accounts on LinkedIn, Telegram, Discord, Keybase as well as email.
Government sponsored hackers from North Korea were involved in a campaign against potential recruits for the aerospace and defense industries. The goal was to compromise their systems or get information to exploit later on if they were by the government. The malicious activity was labeled as being part of “Hidden Cobra” which broadly refers to any attack by a North Korean threat actor.
Google recommends that if you have interacted with any of these social media accounts to scan your systems for malware and suspicious activity. So far, only Windows machines have been targeted.
READ Feds Call Out North Korean Hacking Campaigns
“If victims responded, the DPRK hackers would ask researchers to work together on various projects and eventually lure them to sites hosting malicious JavaScript code that would infect their victims’ computers with malware,” said a report on The Record.
It is not known what would happen if a system was compromised.