Inside the North Korean Infiltrator Threat
By Flare Research and IBM X-Force
Executive Summary
Increased federal activity, including indictments over the last year, has brought to light the growing scale and sophistication of a global threat: North Korean nationals operating as remote IT contractors and full-time technology staff within unsuspecting companies across the globe. Research conducted in collaboration between Flare and IBM X-Force details the extensive tactics and techniques employed by these North Korean IT Worker (NKITW) operatives. The North Korean regime mobilizes thousands of skilled IT professionals to infiltrate organizations across North America and Western Europe, primarily for financial gain, but also for corporate espionage and the theft of sensitive information. The report details their methodologies, offering a critical understanding of this evolving threat to the global business ecosystem.
There have been several reports about the activities of various North Korean IT worker operations, and countless incidents reported in the news related to North Korean threat actors in …
IoC