Update on campaign targeting security researchers

2021-03-31 Google

https://blog.google/threat-analysis-group/update-campaign-targeting-security-researchers/?fbclid=IwAR0EaDQidia5L8QaaDsvgrHs84Jka5ZizooH9_U3oNQMLtFVo4F5Xic9qQo

Google TAG says the North Korean government-backed actors targeting security researchers expanded their operation by creating a fake offensive-security company called SecuriElite on March 17. The site and associated LinkedIn and Twitter personas posed as security researchers, recruiters or company staff, continuing the earlier tactic of building credibility with exploitation-focused targets. TAG notes that prior attacker-controlled sites used a hosted PGP key as a lure to a browser exploit, and although SecuriElite had not yet served malicious content, Google added it to Safe Browsing as a precaution. The report also lists attacker-controlled domains and social accounts for defensive tracking.

Indicators of Compromise
