lazarusholic

Insights from Internal DPRK Chat Logs

2025-03-22, ChollimaGroup
https://chollima-group.io/posts/insights-from-internal-dprk-chat-logs/
#ITWorker

Our notes from discovering internal North Korean chat logs.
Background:
Recently, some members of Chollima Group came across an open Google Drive folder owned by a North Korean IT worker. The folder contained identity documents and resumes for an Iranian developer and 5 other personas, Payoneer/PayPal transaction info, a small database file of notes, a .log file, and a screenshot of an individual testing their webcam.
As we began to look through this folder, we noticed that the .log file actually contained chat logs spanning late 2022 to early 2023. Although we were at first uncertain which application they originated from, as we continued to read through them we began to notice some key things that captured our full attention:
- The participants in these chats appeared to be involved in software development and freelancing, often collaborating on projects.
- The chat logs seemed …