
Inside the DPRK Fake IT Workers Network: IP Ranges, Proxies, and Internal Coordination

2026-01-05, KudelskiSecurity
https://kudelskisecurity.com/research/inside-the-dprk-fake-it-worker-network-ip-ranges-proxies-and-internal-coordination
#ITWorker

Summary
Following a compilation of e-mails republished by @Sttyk, we used Hudson Rock to validate the data contained in this mail dump and found many artifacts belonging to DPRK IT workers. In this article we focus on the infrastructure we were able to reconstruct and the environment around it.
Mapping their Internal Infrastructure
During our investigation we found that they use "IP-msg" (IP Messenger), an application widely used inside their infrastructure to communicate between teams. With that data we added more context to our first finding, where we only had local IP addresses.
It appears that they operate a single unified network for everyone working as a foreign IT worker.
As noted by NKinternet, we mainly saw the following ranges in use among IT workers: 188.43.88.0/24, 188.43.136.0/24, 83.234.227.0/24, …

IoC

http://192.168.91.51:3128
188.43.136.0
192.168.91.51
83.234.227.0
188.43.88.0