Operation Breaking the Shell - Revealing the Lazarus (APT-C-26) group's targeted attack campaign against security researchers

2021-01-26 Qihoo360 Operation Breaking the Shell – Revealing the Lazarus (APT-C-26) group's targeted attacks against security researchers

https://mp.weixin.qq.com/s/W-C_tKVnXco8C3ctgAjoNQ


360 attributed “Operation Breaking the Shell” to Lazarus/APT-C-26 and described it as a long-prepared campaign against security researchers. The operators built credibility by registering social-media personas, running the blog blog.br0vvnn[.]io, publishing vulnerability-analysis posts, and sharing the content through Twitter, GitHub, YouTube, and security-media amplification. They then sent malicious exploit PoC source packages whose Visual Studio project files executed hidden DLL payloads through PowerShell during the build process. 360 linked the activity to Lazarus through sample similarities with prior Dream Job malware and shared infrastructure, warning that compromise of researchers could expose security companies and vulnerability research.

Indicators of Compromise

Type     Value                              First Seen   Last Seen
HASH     35545d891ea9370dfef9a8a2ab1cf95d   2021-01-26   2021-01-28
DOMAIN   blog.br0vvnn.io                    2021-01-25   2021-01-28
