lazarusholic


Why Is a North Korean Mail Server Using a .cc Domain?

2026-01-27, SynapticSecurity
https://blog.synapticsystems.de/why-is-a-north-korean-mail-server-using-a-cc-domain-threat-intelligence-beyond-malware/


by Robin Dost
Today I stumbled upon a rather accidental finding during a routine analysis of North Korean infrastructure that I would like to share with you.
Since North Korea does not exactly use the internet for legitimate purposes and is well known for a long history of attacks against (critical) infrastructure, I consider it reasonable to treat essentially all North Korean internet-facing infrastructure as a threat entity by default. Infrastructure changes often reveal far more about a threat actor than individual malware samples ever will, and the same applies to nation states like North Korea. That is precisely why this infrastructure deserves continuous observation.
For clarity: no offensive actions were performed during this analysis. Everything shown here is based exclusively on publicly accessible data and very basic reconnaissance.
Even if the target happens to be North Korean infrastructure, operating within legal boundaries remains mandatory. Germany unfortunately does not always make this easy, but …

IoC

175.45.178.56
175.45.177.33
175.45.178.57
175.45.178.55
[email protected]
[email protected]
[email protected]
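As an added example (not code from the original post or its author), the following script turns the IoC list above into a defensive log check: it scans mail-server log lines for the four listed IPs and, going one step beyond the post, also flags any address in 175.45.176.0/22, the publicly documented North Korean allocation that contains all four (that range is my addition, not something the post states). The three e-mail addresses are obfuscated in the copy of the post available here, so they are left out rather than guessed. The sample log lines are constructed for the example.

```python
"""Match mail-server log lines against the IoCs listed in the post.

Added example, not part of the original post. IOC_IPS are the four
addresses the post lists; IOC_NETWORKS holds the parent DPRK allocation
as a broader, lower-confidence check (my assumption, not from the post).
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# Exact IoCs from the post.
IOC_IPS = {
    "175.45.178.56",
    "175.45.177.33",
    "175.45.178.57",
    "175.45.178.55",
}

# Parent netblock publicly allocated to North Korea; all four IoCs fall
# inside it. Labelled as an added assumption, not stated in the post.
IOC_NETWORKS = [ipaddress.ip_network("175.45.176.0/22")]

# Crude dotted-quad matcher; good enough for syslog-style lines.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify_ip(ip: str) -> Optional[str]:
    """Return 'ioc' for an exact IoC hit, 'range' for a same-netblock hit,
    or None when the address is not of interest (or not a valid IPv4)."""
    if ip in IOC_IPS:
        return "ioc"
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    if any(addr in net for net in IOC_NETWORKS):
        return "range"
    return None


def scan_log(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, ip, verdict) for every matching IP in the lines."""
    hits = []
    for no, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            verdict = classify_ip(ip)
            if verdict is not None:
                hits.append((no, ip, verdict))
    return hits


# Constructed Postfix-style sample lines; not real traffic.
SAMPLE_LOG = [
    "Jan 27 10:01:12 mx postfix/smtpd[123]: connect from unknown[175.45.178.56]",
    "Jan 27 10:01:13 mx postfix/smtpd[124]: connect from mail.example.org[203.0.113.7]",
    "Jan 27 10:02:40 mx postfix/smtpd[125]: connect from unknown[175.45.176.9]",
    "Jan 27 10:03:01 mx postfix/smtpd[126]: disconnect from unknown[198.51.100.2]",
]

if __name__ == "__main__":
    for no, ip, verdict in scan_log(SAMPLE_LOG):
        print(f"line {no}: {ip} ({verdict})")
```

Exact matches are reported separately from netblock matches so that the broader range check can be tuned or dropped without losing the high-confidence hits; in practice the list would be loaded from a feed rather than hard-coded.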