Infiltrating North Korean IT workers
North Korea has engaged in malicious activities in other areas of cyberspace in recent years. For example, it has conducted cyber attacks targeting cryptocurrency exchanges and used IT workers to earn foreign currency. In this talk, we will focus on IT workers' foreign currency earnings and use our own methods to reveal the infrastructure they use. These methods are OSINT and social engineering. Using these two methods, we were finally able to attribute a person who we believe to be an IT worker to North Korea. In the process, we contacted an actor and also obtained information on fake IDs, bank accounts, and IP addresses. The process will be explained in the talk.