lazarusholic

Russian accent in the DPRK related cyber operations

2025-04-04, Ketman
https://www.ketman.org/russia-dprk-soft-connection.html
#ITWorker

Contents

Following Nisos's recent publication on North Korean IT worker operations, we had a feeling more could be extracted from this data and performed the usual deep OSINT scan using our software. Accounts linked to the operation revealed unexpected connections to Russian military imagery.
Initially, Nisos flagged and confirmed three GitHub accounts as related to North Korean IT workers (imcode65, kanbei0605 and code-0605). We uncovered additional actors connected to the above three identities. Two of those actors (jocadefichain and EmiLa1) featured profile pictures distinctly out of pattern with typical DPRK operational security. Rather than using generic AI-generated avatars, these accounts displayed images related to Kinzhal hypersonic missiles, Russia’s advanced weapons system that has been deployed in Ukraine.
Russian Military Connection
The profile images were traced to specific Russian sources:
- One image originated from a Russian forum topic titled “USA is almost sure that UA Armed Forces took down Kinzhal over Kyiv”, where one of the users provided …

IoC
