North Korean spy slips up, reveals ties in a fake job interview

For several months, Cointelegraph participated in an investigation focused on a suspected North Korean operative. The investigation uncovered a group of threat actors trying to land freelance work in the cryptocurrency industry.
The investigation was led by Heiner Garcia, an online threat intelligence expert at Telefónica and Blockchain. Garcia revealed how North Korean operatives secure freelance work online even without using a VPN.
Garcia's analysis connected the applicant to a network of GitHub accounts and fake Japanese identities that are believed to be linked to North Korea's operations. In February, Garcia invited Cointelegraph to take part in the fake job interview he held with a suspected Democratic People's Republic of Korea (DPRK) operative who called himself “Motoki.”
Ultimately, Motoki accidentally exposed his links to a group of North Korean threat actors, then left in irritation.
This is what happened.
Suspected North Korean crypto operative poses as a Japanese developer
Garcia first encountered Motoki on GitHub in late January while investigating a group linked to a suspected DPRK threat actor known as “bestselection18.” This account is widely believed to be operated by an experienced DPRK IT worker. It was part of a broader group of suspects who infiltrated the crypto freelance economy through freelance platforms like OnlyDust.
Most North Korean state operatives do not use a photo of a human face in their accounts, so Motoki's profile, which had one, caught Garcia's attention.
“I went directly to the point and just wrote on Telegram,” Garcia told Cointelegraph. “It was very easy. I didn’t even say the name of the company.”
On February 24, Garcia invited Cointelegraph's South Korean reporter to join an upcoming interview for his fake company, hoping to speak to the suspected DPRK operative in Korean by the end of the call.
We were intrigued. If we could meet the operative, we would have the opportunity to learn how effective these tactics are and, hopefully, how to counter them.
On February 25, Garcia and Cointelegraph met Motoki. We kept our webcams off, but Motoki did not. During the interview, which was conducted in English, he often repeated the same responses to different questions, turning the job interview into an awkward and confusing conversation.
Motoki showed suspicious behavior that was not consistent with that of a legitimate Japanese developer. For one, he could not speak the language.
We asked Motoki to introduce himself in Japanese. The light of the screen reflecting on his face suggested that he was feverishly searching through tabs and windows to find a script to help him answer.
There was a long and tense silence.
“Jiko shōkai o onegaishimasu,” Cointelegraph repeated, this time in Japanese.
Motoki threw off his headphones and left the interview.
Compared to bestselection18, Motoki was sloppy. He revealed key details by sharing his screen in the interview. Garcia believes that Motoki is likely a lower-level operative who works with bestselection18.
Motoki had two calls with Garcia, one with Cointelegraph. In both calls, his screen share revealed access to private repositories shared with bestselection18 for what Garcia calls a fraud operation.
“This is how we linked the entire process and the entire group … He shared his screen and revealed that he was working with [bestselection18] in a private repo,” Garcia said.
Linguistic evidence points to North Korean origins
In a 2018 study, researchers noted that Korean males tend to have wider and more prominent facial structures than their neighbors in East Asia, while Japanese males usually have longer and narrower faces. These are broad generalizations, but in this case Motoki's appearance is closely consistent with the Korean profile described in the study.
“Well, so let me offer myself. So, I am an experienced engineer in Blockchain and AI with a focus on developing innovation and influential products,” said Motoki during the interview.
Motoki's English pronunciation provided more clues. He often pronounced words that start with “r” as “l,” a substitution that is common among Korean speakers. Japanese speakers also struggle with this distinction, but they tend to merge the sounds into a neutral flap.
He looked more relaxed during personal questions. Motoki said he was born and grew up in Japan, had no wife or children, and claimed native fluency. “I love football,” he said with a smile, pronouncing it with a strong “p,” another hint more typical of Korean-accented English.
Motoki reveals another North Korean tactic
About a week after the interview with Cointelegraph, Garcia tried to keep the ruse going. He sent a message to Motoki and claimed that his boss had fired him because of the suspicious interview.
This led to three weeks of private message exchanges with Motoki. Garcia continued to play along, pretending to believe that Motoki was a Japanese developer.
Garcia later asked Motoki to help him find a job. In response, Motoki proposed a deal that provided an additional look at some of North Korea's operational methods.
“They told me they will send me money to buy a computer so that they can work through my computer,” said Garcia.
The arrangement would allow the operative to access a device remotely from another location and carry out tasks without the need for a VPN connection, which can cause problems on popular freelance platforms.
Garcia and his partner published their findings about a group of suspected DPRK operatives linked to bestselection18 on April 16 on the Ketman open investigation platform.
After a few days, Cointelegraph received a message from Garcia: “The man we met has ended. Everyone has changed. All chats and everything around him have been deleted.”
Motoki has not been heard since then.
Suspected DPRK workers have become a recurring hiring problem in tech industries. Even major crypto exchanges are targeted. On May 2, Kraken stated that it had identified a North Korean cyber spy trying to get a job at the trading platform in the United States.
A United Nations Security Council report estimates that North Korea's IT workers generate up to $600 million annually for the regime. These operatives are able to channel their wages to North Korea. The United Nations believes that these funds help finance its weapons program, which, as of January 2024, is believed to include more than 50 nuclear warheads.