DPRK IT Workers in Open Source and Freelance Platforms
(ketman.org)
On February 9, 2025, we discovered a suspicious actor within the repository of a legitimate developer. Initially, we informed the developer about the potential malicious intent of one of his active committers. This led us into a two-month-long process of discovering additional North Korean actors, “PR Spammers” and experiencing the subpar vetting process present in one of the “Pay for PR” (freelance) platforms in Web3.
On February 9, 2025, we discovered a suspicious actor within the repository of a legitimate developer. Initially, we informed the developer about the potential malicious intent of one of his active committers. This led us into a two-month-long process of discovering additional North Korean actors, “PR Spammers” and experiencing the subpar vetting process present in one of the “Pay for PR” (freelance) platforms in Web3.