Twitter suspended @lagal1990 and @shiftrows13 after Google TAG linked them to a North Korean cyber-espionage campaign targeting security researchers. The operation built fake researcher personas across social platforms, posted exploit and infosec content to gain credibility, and approached victims for collaboration before steering them to malicious sites. The source says those sites hosted JavaScript intended to infect researchers’ systems, likely to access non-public exploit research or spy on security firms and government-linked employers. The accounts followed earlier DPRK-linked personas and the fake SecuriElite company exposed by Google in the same campaign.