Spotted a Weird Github Organization? It Might be DPRK!
DPRK IT workers are quietly running polished GitHub organizations to win contracts and launder reputation. We map the networks, tactics, and tells.
Investigation
Understanding DPRK IT Worker Activity - Conversations and Insights
A comprehensive analysis of the tactics, behaviors, and operational patterns of North Korean (DPRK) IT workers.
DPRK IT Worker-Related Account Takeover
A DPRK IT worker-turned-hacker gains (partial) control over the Waves (Fraud) Protocol.
DPRK IT Workers in Open Source and Freelance Platforms
A cluster of actors discovered in onlyDust.com freelancer platform and beyond
Russian accent in the DPRK related cyber operations
Unusual Discoveries in DPRK IT Worker Profiles connected to Russia
From One North Korean To Four North Koreans To Five Threats
Comingled multiple types of threats hidden within single North Korean operation.
Introducing Ketman Project
In the ever-evolving landscape of cybersecurity, traditional methods of tracking threat actors through hashes, IPs, and websites are not enough. Today...
Ketman's Guide to Identifying a Suspicious Github Account Associated with DPRK
The investigation into the threat actor associated with DPRK activities has revealed several interesting insights into how to track this actor's activity based on their own presentation on GitHub.