Active North Korean campaign targeting security researchers

2023-09-07 Google

https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/


In January 2021, Threat Analysis Group (TAG) publicly disclosed a campaign from government-backed actors in North Korea who used 0-day exploits to target security researchers working on vulnerability research and development.

Security researcher targeting

Similar to the previous campaign TAG reported on, North Korean threat actors used social media sites like X (formerly Twitter) to build rapport with their targets. The shellcode used in this exploit is constructed in a similar manner to shellcode observed in previous North Korean exploits. TAG is aware of at least one actively exploited 0-day being used to target security researchers in the past several weeks.

Indicators of Compromise

