Google’s Threat Analysis Group (TAG) has been monitoring government-backed hacking activity tied to North Korea for over a decade. As part of this work, TAG has been tracking ARCHIPELAGO, a subset of APT43 activity, since 2012, and has observed the group targeting individuals with expertise in North Korea policy issues, including sanctions, human rights, and non-proliferation. Targets include Google and non-Google accounts belonging to government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US, and elsewhere.
To protect users, TAG uses its research on serious threat actors like ARCHIPELAGO to improve the safety and security of Google’s products. This includes adding newly discovered malicious websites and domains to Safe Browsing to protect users from further exploitation. TAG also sends alerts to all targeted Gmail and Workspace users notifying them of government-backed attacker activity. Google encourages potential targets to enroll in its Advanced Protection Program, enable Enhanced Safe Browsing for Chrome, and ensure that all devices are updated.