Close Menu
Best in TechnologyBest in Technology
  • News
  • Phones
  • Laptops
  • Gadgets
  • Gaming
  • AI
  • Tips
  • More
    • Web Stories
    • Global
    • Press Release

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

What's On

SSA Whistleblower’s Resignation Email Mysteriously Disappeared From Inboxes

30 August 2025

DOGE Operatives Are Joining Donald Trump’s New National Design Studio

29 August 2025

The Internet Revolutionized Porn. Age Verification Could Upend Everything

29 August 2025
Facebook X (Twitter) Instagram
Just In
  • SSA Whistleblower’s Resignation Email Mysteriously Disappeared From Inboxes
  • DOGE Operatives Are Joining Donald Trump’s New National Design Studio
  • The Internet Revolutionized Porn. Age Verification Could Upend Everything
  • Resident Evil Outbreak: Starting RE Requiem’s Spiritual Predecessor | Super Replay
  • The Best Labor Day Deals and Sales
  • How Much Melatonin Should You Be Taking?
  • FEMA’s Chaotic Summer Has Gone From Bad to Worse
  • The White House Apparently Ordered Federal Workers to Roll Out Grok ‘ASAP’
Facebook X (Twitter) Instagram Pinterest Vimeo
Best in TechnologyBest in Technology
  • News
  • Phones
  • Laptops
  • Gadgets
  • Gaming
  • AI
  • Tips
  • More
    • Web Stories
    • Global
    • Press Release
Subscribe
Best in TechnologyBest in Technology
Home » Leak Reveals the Workaday Lives of North Korean IT Scammers
News

Leak Reveals the Workaday Lives of North Korean IT Scammers

News RoomBy News Room8 August 20253 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email

The tables show the potential target jobs for IT workers. One sheet, which seemingly includes daily updates, lists job descriptions (“need a new react and web3 developer”), the companies advertising them, and their locations. It also links to the vacancies on freelance websites or contact details for those conducting the hiring. One “status” column says whether they are “waiting” or if there has been “contact.”

Screenshots of one spreadsheet seen by WIRED appears to list the potential real-world names of the IT workers themselves. Alongside each name is a register of the make and model of computer they allegedly have, as well as monitors, hard drives, and serial numbers for each device. The “master boss,” who does not have a name listed, is apparently using a 34-inch monitor and two 500GB hard drives.

One “analysis” page in the data seen by SttyK, the security researcher, shows a list of types of work the group of fraudsters are involved in: AI, blockchain, web scraping, bot development, mobile app and web development, trading, CMS development, desktop app development, and “others.” Each category has a potential budget listed and a “total paid” field. A dozen graphs in one spreadsheet claim to track how much they have been paid, the most lucrative regions to make money from, and whether getting paid weekly, monthly, or as a fixed sum is the most successful.

“It’s professionally run,” says Michael “Barni” Barnhart, a leading North Korean hacking and threat researcher who works for insider threat security firm DTEX. “Everyone has to make their quotas. Everything needs to be jotted down. Everything needs to be noted,” he says. The researcher adds that he has seen similar levels of record keeping with North Korea’s sophisticated hacking groups, which have stolen billions in cryptocurrency in recent years, and are largely separate to IT worker schemes. Barnhart has viewed the data obtained by SttyK and says it overlaps with what he and other researchers were tracking.

“I do think this data is very real,” says Evan Gordenker, a consulting senior manager at the Unit 42 threat intelligence team of cybersecurity company Palo Alto Networks, who has also seen the data SttyK obtained. Gordenker says the firm had been tracking multiple accounts in the data and that one of the prominent GitHub accounts was previously exposing the IT workers’ files publicly. None of the DPRK-linked email addresses responded to WIRED’s requests for comment.

GitHub removed three developer accounts after WIRED got in touch, with Raj Laud, the company’s head of cybersecurity and online safety, saying they have been suspended in line with its “spam and inauthentic activity” rules. “The prevalence of such nation-state threat activity is an industry-wide challenge and a complex issue that we take seriously,” Laud says.

Google declined to comment on specific accounts WIRED provided, citing policies around account privacy and security. “We have processes and policies in place to detect these operations and report them to law enforcement,” says Mike Sinno, director of detection and response at Google. “These processes include taking action against fraudulent activity, proactively notifying targeted organizations, and working with public and private partnerships to share threat intelligence that strengthens defenses against these campaigns.”

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleAge Verification Is Sweeping Gaming. Is It Ready for the Age of AI Fakes?
Next Article Life After the Atomic Blast, as Told by Hiroshima’s Survivors

Related Articles

News

SSA Whistleblower’s Resignation Email Mysteriously Disappeared From Inboxes

30 August 2025
News

DOGE Operatives Are Joining Donald Trump’s New National Design Studio

29 August 2025
News

The Internet Revolutionized Porn. Age Verification Could Upend Everything

29 August 2025
News

The Best Labor Day Deals and Sales

29 August 2025
News

How Much Melatonin Should You Be Taking?

29 August 2025
News

FEMA’s Chaotic Summer Has Gone From Bad to Worse

29 August 2025
Demo
Top Articles

ChatGPT o1 vs. o1-mini vs. 4o: Which should you use?

15 December 2024105 Views

Costco partners with Electric Era to bring back EV charging in the U.S.

28 October 202495 Views

5 laptops to buy instead of the M4 MacBook Pro

17 November 202490 Views

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Latest News
News

How Much Melatonin Should You Be Taking?

News Room29 August 2025
News

FEMA’s Chaotic Summer Has Gone From Bad to Worse

News Room29 August 2025
News

The White House Apparently Ordered Federal Workers to Roll Out Grok ‘ASAP’

News Room29 August 2025
Most Popular

The Spectacular Burnout of a Solar Panel Salesman

13 January 2025129 Views

ChatGPT o1 vs. o1-mini vs. 4o: Which should you use?

15 December 2024105 Views

Costco partners with Electric Era to bring back EV charging in the U.S.

28 October 202495 Views
Our Picks

Resident Evil Outbreak: Starting RE Requiem’s Spiritual Predecessor | Super Replay

29 August 2025

The Best Labor Day Deals and Sales

29 August 2025

How Much Melatonin Should You Be Taking?

29 August 2025

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Facebook X (Twitter) Instagram Pinterest
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact Us
© 2025 Best in Technology. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.