From One North Korean To Four North Koreans To Five Threats
The 0xNickLFranklin saga continues[0]. Let us share our discovery of a full DPRK IT worker cluster centered around Aqua Protocol… and more.
Nick L Franklin posed as a security engineer, focusing on describing simple Web3 attacks. He is most likely connected to the AppleJesus[1] threat operation run by the DPRK. This operation targets security researchers and dates as far back as 2021. Nick L Franklin revealed himself as one of the DPRK operators after attempting to deliver a malicious .app file.
[0] https://x.com/danielvf/status/1905642180749775189
[1] https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Aqua Protocol Core Team
Aqua Protocol was discovered as one of the crypto operations connected to 0xNickLFranklin. This “fake” Web3 lending application, built on top of the Aave V3 architecture, has now been completely purged from existence[0]. The organization’s codebase, as well as the protocol’s liquidity (almost $800k USD, all under control of DPRK actors), have been wiped[1]. Nick was one of the two core contributors to the protocol.
- Aqua Protocol Organization: https://github.com/techaqualoan (Removed …
IoC