[the_af]

I don't consider screenshots evidence of anything, so I'll completely disregard that bit.

I'm curious about your personal experience though. Did you try this tactic, and did it work? And how sure are you these weren't random hackers or trolls, but actual NK agents?

> many are amateurs

So basically this would only get rid of the amateurs, low hanging fruit that would have been caught soon enough anyway, and do a "natural selection" of only the non-stupid NK hackers to infiltrate your org?

[danielvf]

> And how sure are you these weren't random hackers or trolls, but actual NK agents?

"Agents" is way too big of a word. Just cogs in a corporate theft machine.

There's a lot of reasons I'm sure, but the biggest is because before a hack they asked for help doing something simple with a crypto address that was later used to test run the 50 million dollar theft that was North Korea. And also trying to drop North Korean linked malware is another data point.

This also hits my point about both dangerous and amateurs. They pulled off pretty sophisticated heist but, had to ask for help, asked for help using a crypto address tied to the theft, and blew the cover on an identity they had been building up for a year.

Here's a twitter thread I put together of both my conversation and others with this particular account:

https://x.com/danielvf/status/1905642180749775189

[the_af]

Thanks for the reply, I'll take a look!

Do you think asking them to say something offensive about Kim Jong Un would have outed them?