{"id":53618,"date":"2023-09-11T00:32:42","date_gmt":"2023-09-11T00:32:42","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/"},"modified":"2023-09-11T00:32:42","modified_gmt":"2023-09-11T00:32:42","slug":"google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/","title":{"rendered":"Google warns infoseccers: Beware of North Korean spies sliding into your DMs"},"content":{"rendered":"<p><span class=\"label\">In brief<\/span> Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google&#8217;s Threat Analysis Group (TAG).<\/p>\n<p>As was the case in 2021 when TAG made a <a href=\"https:\/\/www.theregister.com\/2021\/01\/26\/norks_hack_researchers\/\">similar claim<\/a>, suspected North Korean agents are reaching out to targets using social media to build rapport before moving targets to secure services like Signal or WhatsApp. As was also the case in 2021, Google offered no explanation or conclusions.<\/p>\n<p>&#8220;Once a relationship was developed with a targeted researcher, the threat actors sent a malicious file that contained at least one 0-day in a popular software package,&#8221; TAG researchers <a href=\"https:\/\/blog.google\/threat-analysis-group\/active-north-korean-campaign-targeting-security-researchers\/\" rel=\"nofollow\">wrote<\/a>. Google didn&#8217;t mention the affected vendor, but said efforts were underway to deploy a patch.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Per Google, shellcode in the malicious file collects information on affected systems and sends it back to C2 servers. &#8220;The shellcode used in this exploit is constructed in a similar manner to shellcode observed in previous North Korean exploits,&#8221; TAG explained.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>But wait \u2013 there&#8217;s more.<\/p>\n<p>Google has an additional warning to deliver: The threat actors also developed a standalone tool for Windows that could appeal to the infosec community. On the surface, <code>dbgsymbol<\/code> [Github link https:\/\/github[.]com\/dbgsymbol\/ provided for visibility \u2013 <em>don&#8217;t<\/em> download this] is used to download debugging symbol information from various sources \u2013\u2013 handy for debugging issues in binaries, or doing vulnerability research.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;The tool also has the ability to download and execute arbitrary code from an attacker-controlled domain,&#8221; TAG warned. While not including any description of what <code>dbgsymbol<\/code> may have been used to download, Google recommends that anyone who has downloaded or run the tool &#8220;ensure your system is in a known clean stage, likely requiring a reinstall of the operating system.&#8221;&nbsp;<\/p>\n<p>Sorry \u2013 guess those weekend plans have been made for you, unlucky random GitHub project downloaders.&nbsp;<\/p>\n<div class=\"boxout\" readability=\"32.341463414634\">\n<h3 class=\"crosshead\">Critical vulnerabilities: Active exploits a go-go<\/h3>\n<p>If it was a quiet week for newly discovered and critically dangerous exploits, then threat actors didn&#8217;t get the message. There were plenty of active exploits addressed this week.<\/p>\n<p>First up, Google&#8217;s monthly Android security <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2023-09-01\" rel=\"nofollow\">updates<\/a> for September were released, addressing several critical vulnerabilities and one that may be under active exploit. CVE-2023-35674 is an issue in Android&#8217;s framework, and could be used to privilege escalation without the need for user interaction.&nbsp;<\/p>\n<p>CISA, the FBI and the Cyber National Mission Force saw fit to issue a <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-250a\" rel=\"nofollow\">warning<\/a> this week that multiple nation-state threat actors have been active exploiting a pair of vulnerabilities in Fortinet <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-42475\" rel=\"nofollow\">firewalls<\/a> and Zoho&#8217;s <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-47966\" rel=\"nofollow\">ManageEngine<\/a> software to &#8220;expand targeted network access, serve as malicious infrastructure, or a mixture of both.&#8221; Patch and monitor, the groups recommend.&nbsp;<\/p>\n<p>Apache RocketMQ, an open source messaging and streaming service developed by Alibaba, is having a remote code execution vulnerability actively <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-33246\" rel=\"nofollow\">exploited<\/a> as well, and a patch is available.&nbsp;<\/p>\n<p>As for recently flagged vulnerabilities:<\/p>\n<ul>\n<li>CVSS 10.0 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-250-03\" rel=\"nofollow\">Multiple CVEs<\/a>: The web portal firmware for Socomec&#8217;s MODULYS GP UPS systems contain a veritable grab basket of vulnerabilities that could allow an attacker to do all sorts of malicious stuff.<\/li>\n<li>CVSS 10.0 \u2013 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20238\" rel=\"nofollow\">CVE-2023-20238<\/a>: A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.<\/li>\n<\/ul>\n<ul>\n<li>CVSS 9.8 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-medical-advisories\/icsma-23-248-01\" rel=\"nofollow\">Multiple CVEs<\/a>: MedDream PACS health imaging server software contain a pair of vulnerabilities that, if chained together, could let an attacker leak credentials or execute arbitrary code.<\/li>\n<li>CVSS 9.6 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-250-02\" rel=\"nofollow\">Multiple CVEs<\/a>: Phoenix Contact&#8217;s telecoms routers and cloud client software contain a series of vulnerabilities that can be exploited to cause denial of service or code execution in user browsers.&nbsp;<\/li>\n<li>CVSS 9.1 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-250-01\" rel=\"nofollow\">Multiple CVEs<\/a>: The web console for Dover Fueling Solutions MAGLINK LX tank management devices contain a chain of vulnerabilities that can give an attacker full access to vulnerable systems.<\/li>\n<\/ul>\n<\/div>\n<h3 class=\"crosshead\">DoJ thanks Verizon for its negligence with reduced fine<\/h3>\n<p>Verizon may have copped to failing to properly protect General Services Administration (GSA) devices connected to public networks and failing to meet its terms of a contract for five years, but it copped to it.&nbsp;<\/p>\n<p>In exchange, the Department of Justice has decided it&#8217;ll keep the fine to a mere $4 million and change, thank you very much. &#8220;The United States acknowledged that Verizon took a number of significant steps entitling it to credit for cooperating with the government,&#8221; the DoJ <a href=\"https:\/\/www.justice.gov\/opa\/pr\/cooperating-federal-contractor-resolves-liability-alleged-false-claims-caused-failure-fully\" rel=\"nofollow\">said<\/a>.&nbsp;<\/p>\n<p>Verizon&#8217;s Managed Trusted Internet Protocol Service, or MTIPS, was used by the GSA from 2017 until 2021, during which time the feds allege the telco &#8220;did not completely satisfy three required cybersecurity controls for trusted internet connections.&#8221;&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Verizon blew the whistle on itself when it realized it had dropped the ball, &#8220;cooperated with the government&#8217;s investigation of the issues and took prompt and substantial remedial measures,&#8221; the DoJ declared.&nbsp;<\/p>\n<p>In exchange for its cooperation (and non-admission of responsibility, naturally), Verizon gets away with forking over a mere 0.08 percent of its net income in <a href=\"https:\/\/www.verizon.com\/about\/news\/strong-wireless-service-revenue-growth-and-cash-flow-highlight-verizons-2q-results\" rel=\"nofollow\">Q2<\/a> of 2023 \u2013 and that was a down quarter.<\/p>\n<h3 class=\"crosshead\">Malvertising on Mac<\/h3>\n<p>Malwarebytes researchers have <a href=\"https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2023\/09\/atomic-macos-stealer-delivered-via-malvertising\" rel=\"nofollow\">discovered<\/a> a malware-laden advertising campaign in Google search results that&#8217;s casting a wide net by targeting both Windows and Mac devices.<\/p>\n<p>The Apple malware \u2013 which is the interesting feature of this campaign \u2013 is a variant of the Atomic Stealer malware that popped up earlier this year. In this case, it&#8217;s a run-and-done malware that makes off with passwords, keychain data, autofill records, cookies, files and crypto wallet information.<\/p>\n<p>Interestingly, this particular &#8220;variant&#8221; even comes with instructions for how to open it in a manner that bypasses the macOS Gatekeeper, which performs runtime checks to kill potential malicious executables.&nbsp;<\/p>\n<p>In short, like all good malware for commercially available and locked-down OSes like macOS, iOS or Android, this one requires victims to fall prey to both a phishing attempt via malicious advertising and questionable prompts. \u00ae&nbsp;<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2023\/09\/11\/infosec_roundup\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ALSO: Verizon turns self in for reduced fine, malvertising comes to macOS, and this week&#8217;s critical vulnerabilities In brief\u00a0 Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google&#8217;s Threat Analysis Group (TAG).\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-53618","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Google warns infoseccers: Beware of North Korean spies sliding into your DMs 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Google warns infoseccers: Beware of North Korean spies sliding into your DMs 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-11T00:32:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Google warns infoseccers: Beware of North Korean spies sliding into your DMs\",\"datePublished\":\"2023-09-11T00:32:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/\"},\"wordCount\":998,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/\",\"name\":\"Google warns infoseccers: Beware of North Korean spies sliding into your DMs 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2023-09-11T00:32:42+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Google warns infoseccers: Beware of North Korean spies sliding into your DMs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Google warns infoseccers: Beware of North Korean spies sliding into your DMs 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/","og_locale":"en_US","og_type":"article","og_title":"Google warns infoseccers: Beware of North Korean spies sliding into your DMs 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-09-11T00:32:42+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Google warns infoseccers: Beware of North Korean spies sliding into your DMs","datePublished":"2023-09-11T00:32:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/"},"wordCount":998,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/","url":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/","name":"Google warns infoseccers: Beware of North Korean spies sliding into your DMs 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2023-09-11T00:32:42+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZP7exaPvlvRGWjZaFGuNnAAAAI8&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/google-warns-infoseccers-beware-of-north-korean-spies-sliding-into-your-dms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Google warns infoseccers: Beware of North Korean spies sliding into your DMs"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53618","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53618"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53618\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}