DPRK IT Worker-Related Account Takeover
A DPRK IT worker-turned-hacker gains (partial) control over the Waves (Fraud) Protocol.
Understanding DPRK IT Worker Activity - Conversations and Insights
A comprehensive analysis of the tactics, behaviors, and operational patterns of North Korean (DPRK) IT workers.
DPRK IT Workers in Open Source and Freelance Platforms
A cluster of actors discovered in onlyDust.com freelancer platform and beyond
Russian accent in the DPRK related cyber operations
Unusual Discoveries in DPRK IT Worker Profiles connected to Russia
Russian accent in the DPRK related cyber operations
Unusual Discoveries in DPRK IT Worker Profiles connected to Russia
From One North Korean To Four North Koreans To Five Threats
Comingled multiple types of threats hidden within single North Korean operation.
DPRK IT Workers threat in Open Source Organizations
Why should you care about the North Korean contributors. Describing risks associated with DPRK IT Workers for organizations.
Ketman Activity Statement - February 2025
The first month of hunting for DPRK IT Workers in the open source software ecosystem. Some successes, some challanges.
Introducing Ketman Project
In the ever-evolving landscape of cybersecurity, traditional methods of tracking threat actors through hashes, IPs, and websites are not enough. Today...
Malicious Github Accounts with gh-fake-analyzer
On classifying GitHub profiles as potentially malicious using gh-fake-analyzer.
Ketman's Guide to Identifying a Suspicious Github Account Associated with DPRK
The investigation into the threat actor associated with DPRK activities has revealed several interesting insights into how to track this actor's activity based on their own presentation on GitHub.