ZachXBT: North Korean IT personnel exposed as operating 30+ fake identities, involved in $680,000 attack

PANews reported on August 13th that ZachXBT revealed that a source hacked into the devices of North Korean IT personnel and discovered that a small team of them had obtained developer positions using more than 30 fake identities, purchased Upwork and LinkedIn accounts using government IDs, and worked through AnyDesk. The relevant data included Google Drive exports, Chrome profiles, and screenshots.

Wallet address 0x78e1 is closely linked to the $680,000 attack on the Favrr platform in June 2025. More North Korean IT personnel have also been identified. The team used Google products to schedule tasks, purchase SSNs, AI subscriptions, and VPNs. Some browsing history showed frequent use of Google Translate for Korean translations, and the IP address was Russian. Neglect by recruiters and a lack of coordination between services are major challenges in combating this activity.

Share to:

Author: PA一线

This content is for informational purposes only and does not constitute investment advice.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
2025-12-05 06:00
2025-11-25 23:00
2025-11-19 06:15
2025-11-17 00:28
2025-11-08 07:14
2025-11-07 13:50

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

App内阅读