Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    The Verge’s favorite gifts for book lovers

    August 31, 2025

    Meta is struggling to rein in its AI chatbots

    August 31, 2025

    AI agents are science fiction not yet ready for primetime

    August 31, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Leak Reveals the Workaday Lives of North Korean IT Scammers
    Security

    Leak Reveals the Workaday Lives of North Korean IT Scammers

    News RoomBy News RoomAugust 11, 20253 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    The tables show the potential target jobs for IT workers. One sheet, which seemingly includes daily updates, lists job descriptions (“need a new react and web3 developer”), the companies advertising them, and their locations. It also links to the vacancies on freelance websites or contact details for those conducting the hiring. One “status” column says whether they are “waiting” or if there has been “contact.”

    Screenshots of one spreadsheet seen by WIRED appears to list the potential real-world names of the IT workers themselves. Alongside each name is a register of the make and model of computer they allegedly have, as well as monitors, hard drives, and serial numbers for each device. The “master boss,” who does not have a name listed, is apparently using a 34-inch monitor and two 500GB hard drives.

    One “analysis” page in the data seen by SttyK, the security researcher, shows a list of types of work the group of fraudsters are involved in: AI, blockchain, web scraping, bot development, mobile app and web development, trading, CMS development, desktop app development, and “others.” Each category has a potential budget listed and a “total paid” field. A dozen graphs in one spreadsheet claim to track how much they have been paid, the most lucrative regions to make money from, and whether getting paid weekly, monthly, or as a fixed sum is the most successful.

    “It’s professionally run,” says Michael “Barni” Barnhart, a leading North Korean hacking and threat researcher who works for insider threat security firm DTEX. “Everyone has to make their quotas. Everything needs to be jotted down. Everything needs to be noted,” he says. The researcher adds that he has seen similar levels of record keeping with North Korea’s sophisticated hacking groups, which have stolen billions in cryptocurrency in recent years, and are largely separate to IT worker schemes. Barnhart has viewed the data obtained by SttyK and says it overlaps with what he and other researchers were tracking.

    “I do think this data is very real,” says Evan Gordenker, a consulting senior manager at the Unit 42 threat intelligence team of cybersecurity company Palo Alto Networks, who has also seen the data SttyK obtained. Gordenker says the firm had been tracking multiple accounts in the data and that one of the prominent GitHub accounts was previously exposing the IT workers’ files publicly. None of the DPRK-linked email addresses responded to WIRED’s requests for comment.

    GitHub removed three developer accounts after WIRED got in touch, with Raj Laud, the company’s head of cybersecurity and online safety, saying they have been suspended in line with its “spam and inauthentic activity” rules. “The prevalence of such nation-state threat activity is an industry-wide challenge and a complex issue that we take seriously,” Laud says.

    Google declined to comment on specific accounts WIRED provided, citing policies around account privacy and security. “We have processes and policies in place to detect these operations and report them to law enforcement,” says Mike Sinno, director of detection and response at Google. “These processes include taking action against fraudulent activity, proactively notifying targeted organizations, and working with public and private partnerships to share threat intelligence that strengthens defenses against these campaigns.”

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleJoin Our Next Livestream: What GPT-5 Means for ChatGPT Users
    Next Article Matter’s latest update doubles down on stability and pushes the platforms to play better together

    Related Posts

    The Era of AI-Generated Ransomware Has Arrived

    August 30, 2025

    US Government Seeks Medical Records of Trans Youth

    August 29, 2025

    Senate Probe Uncovers Allegations of Widespread Abuse in ICE Custody

    August 27, 2025

    Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database

    August 27, 2025

    A Special Diamond Is the Key to a Fully Open Source Quantum Sensor

    August 25, 2025

    Data Brokers Face New Pressure for Hiding Opt-Out Pages From Google

    August 23, 2025
    Our Picks

    Meta is struggling to rein in its AI chatbots

    August 31, 2025

    AI agents are science fiction not yet ready for primetime

    August 31, 2025

    How to See the Total Lunar Eclipse and Blood Moon on September 7

    August 31, 2025

    Verizon’s ‘software issue’ has disconnected many wireless customers across the US

    August 30, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    No, a Windows update probably didn’t brick your SSD

    By News RoomAugust 30, 2025

    For the last week or two, reports have been circulating that recent Windows 11 updates…

    The 20 best Labor Day deals you can grab for $100 or less

    August 30, 2025

    SpaceX Starship Finally Pulls Off a Successful Test Flight

    August 30, 2025

    The Era of AI-Generated Ransomware Has Arrived

    August 30, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.