Now that the cat is out of the bag regarding the use of front companies like BlockNovas LLC
Contents
Now that the cat is out of the bag regarding the use of front companies like BlockNovas LLC (blocknovas[.]com) in DPRK-linked #ContagiousInterview campaigns. We thought we'd share our overview of network telemetry surrounding this particular activity. Image
This infrastructure was controlled via IPs assigned to Russian #TransTelecom, as pointed out in Trend Micro’s recent analysis. These IPs reside in several ranges (some disclosed publicly, some not) which we have observed in concert with DPRK-linked activity for several years.
The IPs in this case, which have entered the public domain in recent days:
188.43.33.250
188.43.33.251
Are part of a small cluster assigned to InvestStroyTrest. This company operates a ferry service between North Korea and Russia, maintaining an office in the port of Rajin, KP.
This ferry service has taken on greater significance in recent months. When a North Korean soldier, taken as a prisoner of war by Ukrainian forces, claimed he had travelled from North Korea into …
This infrastructure was controlled via IPs assigned to Russian #TransTelecom, as pointed out in Trend Micro’s recent analysis. These IPs reside in several ranges (some disclosed publicly, some not) which we have observed in concert with DPRK-linked activity for several years.
The IPs in this case, which have entered the public domain in recent days:
188.43.33.250
188.43.33.251
Are part of a small cluster assigned to InvestStroyTrest. This company operates a ferry service between North Korea and Russia, maintaining an office in the port of Rajin, KP.
This ferry service has taken on greater significance in recent months. When a North Korean soldier, taken as a prisoner of war by Ukrainian forces, claimed he had travelled from North Korea into …