Astrill VPN: Silent Push Publicly Releases New IPs on VPN Service Heavily Used by North Korean Threat Actors
KEY FINDINGS
- Multiple threat actors from North Korea’s Lazarus Group continue to use Astrill VPN to hide their IP addresses during attacks, as of February 24, 2025.
- Recent infrastructure and logs acquired from the North Korean threat group “Contagious Interview,” also known as “Famous Chollima,” confirmed ongoing use of the Astrill VPN during infrastructure testing processes.
- Silent Push analysts recently confirmed details originally released by Google’s Mandiant in September 2024, indicating that DPRK fake IT worker threats also continue to use Astrill VPN to hide their IPs from prospective employers.
- Silent Push analysts have developed a “Bulk Data Feed” of all the Astrill VPN IPs our team has mapped—updated in real time—that our customers can utilize to protect against any threats, whether North Korean or otherwise, when using our service.
Background
Silent Push analysts have …
IoC