Summary of Findings on Suspicious GitHub Activity Linked to DPRK IT Workers
Contents
Summary of Findings on Suspicious GitHub Activity Linked to DPRK IT Workers
This investigation seeks to analyze findings from previous research and identify profile image patterns and behavioral traits associated with DPRK-IT worker accounts on GitHub.
The investigations around the suspicious activity on GitHub began with this account: Onder kayabsi
https://www.linkedin.com/in/onder-kayabasi-772a33302/
After reviewing the profile, we noticed several inconsistencies across the individual’s history, profiles, and activity:
All the information profile image and description did not match
To understand more the behavior of the user, the best approach is to look the context (GitHub) and the behavior in it ( What is the reason?).
The account Kaan Kayabasi related to this user have one follower called: “Devmaster929”
This follower: Devmaster929, registered by: [email protected]
By checking who he follows, we see some accounts that seems to be fake recruiter profiles. If we check the list of followers mentioned before one by one, we can see there are many fake profiles farming …
This investigation seeks to analyze findings from previous research and identify profile image patterns and behavioral traits associated with DPRK-IT worker accounts on GitHub.
The investigations around the suspicious activity on GitHub began with this account: Onder kayabsi
https://www.linkedin.com/in/onder-kayabasi-772a33302/
After reviewing the profile, we noticed several inconsistencies across the individual’s history, profiles, and activity:
All the information profile image and description did not match
To understand more the behavior of the user, the best approach is to look the context (GitHub) and the behavior in it ( What is the reason?).
The account Kaan Kayabasi related to this user have one follower called: “Devmaster929”
This follower: Devmaster929, registered by: [email protected]
By checking who he follows, we see some accounts that seems to be fake recruiter profiles. If we check the list of followers mentioned before one by one, we can see there are many fake profiles farming …
IoC
https://github.com/Seniorcoder72
https://github.com/supercoder-0923
https://github.com/SMILES00714
https://github.com/warmice71/vinci-store-product-scraping
https://github.com/AI0228
https://github.com/capitalist42
https://github.com/sunlight0902
https://github.com/ERTWENTY
https://github.com/hudesdev
https://github.com/orgs/Finalgoal231/discussions/69
https://github.com/codestar3524
https://github.com/bstar0406
https://github.com/Forest410
https://github.com/warmice71
https://github.com/topdev0215
https://github.com/enzifiri
https://github.com/niceDeve
https://www.linkedin.com/in/onder-kayabasi-772a33302/
https://github.com/WhiteRabbit130
https://github.com/WebRabbit1796
[email protected]
https://github.com/supercoder-0923
https://github.com/SMILES00714
https://github.com/warmice71/vinci-store-product-scraping
https://github.com/AI0228
https://github.com/capitalist42
https://github.com/sunlight0902
https://github.com/ERTWENTY
https://github.com/hudesdev
https://github.com/orgs/Finalgoal231/discussions/69
https://github.com/codestar3524
https://github.com/bstar0406
https://github.com/Forest410
https://github.com/warmice71
https://github.com/topdev0215
https://github.com/enzifiri
https://github.com/niceDeve
https://www.linkedin.com/in/onder-kayabasi-772a33302/
https://github.com/WhiteRabbit130
https://github.com/WebRabbit1796
[email protected]