Spotted a Weird Github Organization? It Might be DPRK!
Contents
Most of the previous write-ups focused on individual DPRK accounts on Github and their intricate connections, forming ‘clusters of activity’ in relation to the ‘IT Worker’ scheme. Today, we want to talk in more detail about the specific phenomenon of North Korean-established and maintained Github organizations. We’ll discuss a few examples found in the wild and evaluate the purposes of these often suspicious-looking Github organizations.
Why does the DPRK run its own organization?
We will focus on describing organizations we believe to be fully operated by the DPRK. The purpose of each one differs slightly, but in the end, they always serve as a ‘hub of activity’ for the accounts involved, facilitating multiple types of operations, including:
- Credibility building
- A central point for managing codebases between DPRK IT Workers
- Potential malware spreading
- Recruitment fronts (Both to acquire jobs and hire potential facilitators)
- Rug-pulling / Scamming
It’s hard to say how many such organizations …
Why does the DPRK run its own organization?
We will focus on describing organizations we believe to be fully operated by the DPRK. The purpose of each one differs slightly, but in the end, they always serve as a ‘hub of activity’ for the accounts involved, facilitating multiple types of operations, including:
- Credibility building
- A central point for managing codebases between DPRK IT Workers
- Potential malware spreading
- Recruitment fronts (Both to acquire jobs and hire potential facilitators)
- Rug-pulling / Scamming
It’s hard to say how many such organizations …
IoC
https://calendly.com/nailrusty-dev/30min
https://t.me/anotherrusty
https://x.com/cornel_pe
https://t.me/idioRusty
https://github.com/g0drlc
https://github.com/justshiftjk
https://x.com/bettyjk0915
https://github.com/apollotoday
https://x.com/0xMuseNine
https://x.com/x_fivefingers
https://github.com/m4rcu5o
https://adamglab.dev/
https://www.mooncity.io
https://github.com/cornel-cp
https://github.com/0xMooncity
https://www.youtube.com/@justshiftjk
https://github.com/AnotherRusty
https://x.com/m4rcu5o
https://futuresea.fun
https://x.com/j_apollum
https://x.com/xg0drlc
https://github.com/0xopsdev
https://www.matthiasli.com/
https://x.com/x__rusty
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
7a87c66718255c5be3c0607e134592d9a8bdb32c
https://t.me/anotherrusty
https://x.com/cornel_pe
https://t.me/idioRusty
https://github.com/g0drlc
https://github.com/justshiftjk
https://x.com/bettyjk0915
https://github.com/apollotoday
https://x.com/0xMuseNine
https://x.com/x_fivefingers
https://github.com/m4rcu5o
https://adamglab.dev/
https://www.mooncity.io
https://github.com/cornel-cp
https://github.com/0xMooncity
https://www.youtube.com/@justshiftjk
https://github.com/AnotherRusty
https://x.com/m4rcu5o
https://futuresea.fun
https://x.com/j_apollum
https://x.com/xg0drlc
https://github.com/0xopsdev
https://www.matthiasli.com/
https://x.com/x__rusty
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
7a87c66718255c5be3c0607e134592d9a8bdb32c