Ex-Unit 350: Elite cookie ops. Perfect bake temp. No ties to Unit 8200.
Jul 24 • 8 tweets • 2 min read
What's this... real DPRK ITW names and related emails/profiles?! 🇰🇵🍪🇰🇵🍪🇰🇵🍪
Enjoyyy and enrich with your data in the thread below ~> ❤️❤️🔥🔥
(will post raw for easier searching in 🧵🧵)
@Narcass3 @aptwhatnow @KawaiiJongUwUn @KeyboardTrial2 @eastside_nci #NorthKorea #DPRK
Black Man
github[.]com/Lunggo123
calanderin0130@gmail[.]com
Ri Min Hyok
Mister Black
github[.]com/business-developer-alpha
business.developer.alpha@gmail[.]com
Jon Son Chol
goodlife26918@gmail[.]com
trello[.]com/u/goodlife169
github[.]com/good-life-26918
Jun 30 • 7 tweets • 4 min read
Other ✨interesting ✨North Korean threat actor Google searches and/or communications. 🧵
(1) Researching drones, radar trucks, etc. Lots of activity
#DPRK #NorthKorea roboflow.com
Looks like they wanted someone to believe they were a citizen of Ukraine! Had to take the day off due to "mass shelling". Needed funds moved outside of @Upwork.
#DPRK #NorthKorea
May 29 • 4 tweets • 1 min read
DPRK.
"David" also has a zillion other identities he leverages (see thread 🧵). A few interesting ones are several emails under the Korean named app "Haru Hana" (below)
Did you know DPRK "remote workers" are heavily involved in work outside of IT? Some ITW have transitioned into Civil Engineers! This has been going on for quite some time...
THIS INCLUDES stamping engineering drawings for construction in the U.S. as purported "Structural Engineers". They are also electrical engineers, construction engineering, etc. They will create CAD drawings for you on your next construction project.
Apr 21 • 5 tweets • 2 min read
Hello! I come bearing ("suspected") DPRK gifts. Including public Google Drive links they left open containing 🧁goodies. Copies have been made, don't worry!
His name may be Bobby Lee Ray, but don't be fooled! Although it sounds like he might own a BBQ shop in Tennessee..... he's actually a ✨DPRK IT worker✨
This is a DPRK IT worker, Nikos Amofa! You might find him on other sites too, if you look!
Apr 18 • 23 tweets • 4 min read
How do you catch a DPRK actor, you ask? Here are a few things to think about:
1. They love to use a VPN when applying for jobs. Check your HR system.
2. They love certain email schemas, including emails ending in "dev", "eng", "soft", using periods to separate names (e.g., , corly.devguru. They most commonly use gmail. They also have numbers at the end such as "benton.franklin.0710" "dev84".luke.ford.dev
Apr 18 • 30 tweets • 12 min read
Meet Faraz, he's a North Korean IT worker.
#dprk #cybersecurity #northkorea @Mandiant
@Mandiant Meet Jason Rostro, he's a North Korean IT worker.