When social engineering is combined with highly targeted spear phishing, it can be difficult to spot. Tactics & Techniques ZINC (a sub-group of Lazarus) spent a lot of time during 2020 establishing a research blog and several Twitter profiles to interact with their targets. Security researchers determined the association based on tradecraft, infrastructure, malware patters, and account affiliations. Microsoft, who has been tracking ZINC for quite some time, stated that the campaign was ongoing and that the threat actors used a variety of new techniques to target the security researchers.