The life leak shows North Korean staff
The spreadsheets show potential targets for the IT workers. One tab, which apparently includes daily updates, lists job descriptions (“Need a new React and Web3 developer”), the companies advertising them and their locations. It also links to the vacancies on independent websites or to contact information for those who are hired. A “situation” column says whether they are “waiting” or “calling”.
Images of a spreadsheet seen by Wired appear to list the possible real-world names of the IT workers. Alongside each name is a record of the computer model they are said to have, as well as monitors, hard drives and serial numbers for each device. The “chief chief”, who is not named, apparently uses a 34-inch monitor and two 500GB hard drives.
An “analysis” page in the data seen by STTYK, a security researcher, shows a list of the types of work the fraudulent group is involved in: artificial intelligence, blockchain, scratch, robot development, mobile and web development, business, CMS development, desktop development and “others”. Each type has a potential budget and a “total payment” entry. Dozens of charts in a spreadsheet claim to show how much they are paid, the most profitable areas for making money, and whether being paid weekly, monthly or as a fixed amount is the most successful.
“It is professionally implemented,” says Michael Barney Barnert, a prominent North Korean hacking and threat researcher who works for the security company DTEX. “Everyone has to make their own quota. Everything has to be eliminated. Everything has to be mentioned.” He has seen a similar level of record keeping with complex North Korean hacking groups, which have stolen billions of dollars in recent years and are largely separate from the IT worker schemes.
“I think this data is very real,” says Evan Gordard, a senior consulting officer at Unit 42, the threat team of cybersecurity company Palo Alto Networks. The company has been tracking several of the accounts in the data, and one of the prominent GitHub accounts had previously disclosed IT workers’ files publicly. None of the DPRK-related email addresses responded to Wired's requests for comment.
GitHub deleted three developer accounts after Wired got in touch, with Raj Lad, the company's head of cybersecurity and online security, saying they were suspended in accordance with its “Spam and illegal activity” rules. “The prevalence of such threatening activities of the nation is a challenge at the industry level, and it is a complex issue that we take seriously,” says Lad.
Google refused to comment on the specific accounts Wired asked about, citing privacy and account security policies. “We have processes and policies to identify the operation and report them to the law,” says Mike Sino, a diagnostic and response manager at Google. “These processes include measures against fraudulent activities, informing targeted organizations, and collaborating with public and private partnerships to share threats that strengthen defense against these campaigns.”