DPRK IT Fraud Network Uses GitHub to Target Global Companies
Contents
Threat Analysis
Likely DPRK Network Backstops on GitHub, Targets Companies Globally
Executive Summary
Nisos is tracking a network of likely North Korean (DPRK)-affiliated IT workers posing as Vietnamese, Japanese, and Singaporean nationals with the goal of obtaining employment in remote engineering and full-stack blockchain developer positions in Japan and the United States. While the personas claim to be located in Asia, the network appears to be globally focused, aiming to obtain jobs both in and outside of Asia. The network appears to be using GitHub to create new personas and is reusing matured GitHub accounts and portfolio content from older personas to backstop their new personas. Two of the personas in the network appear to be employed at companies with fewer than 50 employees, and we assess that the network’s objective is to earn cash to fund Pyongyang’s ballistic missile and nuclear weapons development programs.
Several indicators suggest that the network is likely DPRK-affiliated. …
Likely DPRK Network Backstops on GitHub, Targets Companies Globally
Executive Summary
Nisos is tracking a network of likely North Korean (DPRK)-affiliated IT workers posing as Vietnamese, Japanese, and Singaporean nationals with the goal of obtaining employment in remote engineering and full-stack blockchain developer positions in Japan and the United States. While the personas claim to be located in Asia, the network appears to be globally focused, aiming to obtain jobs both in and outside of Asia. The network appears to be using GitHub to create new personas and is reusing matured GitHub accounts and portfolio content from older personas to backstop their new personas. Two of the personas in the network appear to be employed at companies with fewer than 50 employees, and we assess that the network’s objective is to earn cash to fund Pyongyang’s ballistic missile and nuclear weapons development programs.
Several indicators suggest that the network is likely DPRK-affiliated. …