North Korean IT Workers Are Being Exposed on a Massive Scale

Young developers They have the time of their lives. They float open bottles of sparkling wine, dinner on the steaks, play football together, and rest in a luxurious private swimming pool, all their activities that were taken in the images that were later revealed online. In one image, a man is presented to the vital size Subordinates Cut the cardboard. But despite the exit, these are not successful as entrepreneurs in the Silicon Valley; They are workers in the Kingdom of North Korea, who infiltrate Western companies and send their wages to the homeland.

Today, two members of a group of North Korean developers, who were alleged to have been working outside the countries of Southeast Asia before moving to Russia by the beginning of 2024, are identified at the Cyber ​​Security Company DTEX. Men, who believed DTEX used “Naoki Murano” and “Jenson Collins”, were involved in collecting money for the brutal North Korean system as part of the widespread part of the information in information technology, as it was alleged that Morano had previously linked to $ 6 million in Crypto Deltmer last year.

For years, North Korea, Korea On one of the most sophisticated and dangerous cyber threats for Western countries and companies, has stolen the intellectual property infiltrators needed to develop its own technology, in addition to looting billions in evading sanctions and creating nuclear weapons. In February, the FBI announced that North Korea had withdrawn from the largest theft of encryption ever, and the stealing of $ 1.5 billion from Crypto Exchange bybit. Besides skilled infiltrators, Pyongyang, who are often in China or Russia, deceived their employment companies as a remote workers and have become an increasing threat.

“What we do does not work, and if he works, this does not work quickly enough,” says Michael Barney Barnhart, the main researcher in North Korea and the main investigator of DTEX. In addition to identifying Murano and Collins, DTEX, in a detailed report on North Korean cyber activity, publishes more than 1000 email addresses claiming to be identified as the activity of the IT factor in North Korea. This step is one of the biggest disclosure of the North Korean IT activity so far.

Wide electronic operations in North Korea cannot be compared to the operations of other hostile countries, such as Russia and China, as Barnhart explains in the DTEX report, where Pyongyang works like the “state crime union approved” instead of military operations or traditional intelligence. Barnhardt says everything is driven by the funding of the system, the development of weapons and the collection of information. “Everything is linked together in a way, shape or shape.”

Errors

With about 2022 and 2023, DTEX claims that Naoki Murano and Jenson Collins – unknown – were not known in Laos and also traveled between Vladivostok, in Russia. The husband appeared between a broader group of potential North Koreans in Laos, and the temporary storage memory for their photos was first displayed in the open Dropbox folder. The photos were discovered by a group of North Korean researchers who often cooperate with Barnhart and call themselves an “inappropriate” alliance. In recent weeks, they have posted many pictures of the alleged online North Korean IT workers.

North Korea information workers are prolific in their activities, and they often try to infiltrate many companies simultaneously using stolen identities or create false characters to try to appear legally. Some use independent platforms; Others are trying to recruit international facilitators to run laptop farms. Although their online personalities may be fake, the country – where millions do not have basic human rights or Internet access – and gifted children with the education pipeline where they can become developers and skilled infiltrators. This means that many information technology workers and infiltrators are likely to know each other, perhaps because they were children. Although they are technically skilled, they often leave digital bread crumbs in their wake.

Morano was first linked to the North Korean operations publicly by the Zakkatte Current Currency Investigator, who published the names and details of the encrypted currency portfolio, and email addresses for more than 20 IT workers in North Korea last year. MURANO was then linked to Deltaprime theft in reporting by Coinbase in October .. MisFits Collective members shared pictures of Marano, as he was pleased with himself while eating meat slices and a photo of an alleged Japanese passport.