Source: http://www.bee.com/vi/55579.html

After reverse hacking North Korean hackers, I saw how they work

Analysis | 7 months ago | Wyatt

Compiled by Odaily Planet Daily (@OdailyChina); Translated by Azuma (@azuma_eth)

Editor’s Note: North Korean hackers have always been a major threat to the cryptocurrency market. In the past, victims and industry security professionals could only infer North Korean hackers’ behavior patterns by reverse engineering related security incidents. However, yesterday, renowned on-chain detective ZachXBT, in a recent tweet, cited an investigation and analysis by a white-hat hacker who reverse-hacked North Korean hackers. This proactive analysis reveals the North Korean hackers’ working methods for the first time, potentially providing positive insights into preemptive security measures for industry projects.

The following is the full text of ZachXBT, compiled by Odaily Planet Daily.

An anonymous hacker recently compromised the device of a North Korean IT worker, revealing how a five-person technical team operated over 30 fake identities, using fake government-issued IDs and purchased Upwork and LinkedIn accounts to infiltrate various development projects.

Investigators obtained Google Drive data, Chrome browser profiles, and device screenshots, which revealed that the team relied heavily on Google tools to coordinate work schedules, assign tasks, and manage budgets, with all communications conducted in English.

A weekly report from 2025 revealed the hacker team’s work patterns and the difficulties they encountered. For example, one member complained that they “couldn’t understand the job requirements and didn’t know what to do.” The corresponding solution was to “dedicate ourselves and work harder.”

Detailed expense records show that their expenditure items include purchasing social security numbers (SSNs), Upwork and LinkedIn account transactions, renting phone numbers, subscribing to AI services, renting computers, and purchasing VPN/proxy services.

One spreadsheet detailed the schedule and scripts for meetings attended by the fictitious “Henry Zhang.” The operational process revealed that these North Korean IT workers would first purchase Upwork and LinkedIn accounts, rent computer equipment, and then complete outsourced work using the AnyDesk remote control tool.

One of the wallet addresses they used to send and receive funds was: 0x78e1a4781d184e7ce6a124dd96e765e2bea96f2c.

This address is closely linked to the $680,000 Favrr protocol attack in June 2025. Its CTO and other developers were later confirmed to be North Korean IT workers with forged credentials. This address has also been used to identify North Korean IT personnel involved in other infiltration projects.

The team also found the following key evidence in their search records and browser history.

One might ask, “How can we be sure they are from North Korea?” In addition to all the fraudulent documents detailed above, their search history also shows that they frequently use Google Translate and translate into Korean using a Russian IP.

Currently, the main challenges for enterprises in preventing North Korean IT workers are as follows:

Lack of systematic collaboration: There is a lack of effective information sharing and cooperation mechanisms between platform service providers and private enterprises;

Employer oversight: Hiring teams often become defensive after receiving risk warnings, or even refuse to cooperate with investigations;

Impact of numerical advantage: Although its technical means are not complicated, it continues to penetrate the global job market with its huge base of job seekers;

Funding conversion channels: Payment platforms such as Payoneer are frequently used to convert fiat currency income from development work into cryptocurrency.

I have introduced the indicators that need attention many times. If you are interested, you can check out my historical tweets. I will not repeat them here.
