
Inside the DPRK: Spotting Malicious Remote IT Applicants

Medium
Published: Thu May 15 2025 (05/15/2025, 13:26:12 UTC)
Source: AlienVault OTX

Description

The Democratic People’s Republic of Korea (DPRK) deploys skilled IT workers remotely to organizations globally, funding its weapons of mass destruction (WMD) and missile programs in violation of sanctions. In recent weeks, the techniques leveraged to evade detection have evolved, reducing reliance on traditional “laptop farms”. The threat has also expanded beyond the U.S., with active operations within Europe and other regions. Included is a list of emails that are tied to and associated with DPRK Insider IT Worker infrastructure that may have been used for potential employment opportunities.

AI-Powered Analysis

Last updated: 06/19/2025, 18:02:32 UTC

Technical Analysis

This threat involves a covert campaign by the Democratic People’s Republic of Korea (DPRK) to infiltrate organizations globally, including in Europe, by deploying skilled IT workers remotely under the guise of legitimate employment applicants. These remote IT workers are leveraged to support DPRK’s weapons of mass destruction (WMD) and missile programs, thereby violating international sanctions. Unlike earlier tactics that relied heavily on 'laptop farms'—clusters of physical devices used to conduct cyber operations—the DPRK has evolved its approach to reduce reliance on such infrastructure, making detection more difficult. The campaign uses sophisticated evasion techniques to bypass traditional security controls and screening processes. The threat actors use email addresses tied to DPRK insider IT worker infrastructure to apply for remote IT positions, potentially gaining access to sensitive internal systems once employed. This method allows the DPRK to embed operatives within target organizations, facilitating espionage, intellectual property theft, and possibly the insertion of backdoors or other malicious tools to support their strategic objectives. Although no direct exploits or malware have been reported in the wild linked to this campaign, the risk lies in the insider threat vector—trusted access granted through employment. The campaign has expanded beyond the U.S. to include active operations within Europe and other regions, indicating a broadening scope and increased sophistication in DPRK’s global cyber operations. The lack of specific affected software versions or technical vulnerabilities suggests the primary attack vector is social engineering and insider threat rather than technical exploitation of software flaws.

Potential Impact

For European organizations, the infiltration of skilled DPRK IT workers poses significant risks. Once embedded, these insiders could exfiltrate sensitive data, intellectual property, or trade secrets, particularly in sectors critical to national security, defense, aerospace, telecommunications, and advanced manufacturing. The presence of DPRK operatives could also facilitate the introduction of persistent backdoors or sabotage critical infrastructure systems, undermining operational integrity and availability. Given the DPRK’s focus on funding its WMD and missile programs, organizations involved in research, development, or supply chains related to dual-use technologies are at heightened risk. The campaign’s evasion of traditional detection methods complicates mitigation efforts, increasing the likelihood of prolonged undetected access. Additionally, the reputational damage and regulatory consequences for European companies found to have been compromised by such insider threats could be severe, especially under stringent data protection and cybersecurity regulations like GDPR and NIS2. The expansion of this campaign into Europe signals a strategic targeting of European technological and industrial assets, amplifying the geopolitical risk landscape for affected countries.

Mitigation Recommendations

European organizations should implement enhanced vetting and continuous monitoring of remote IT applicants and employees, especially those in sensitive roles or with access to critical systems. This includes rigorous background checks that consider geopolitical risk factors and the use of threat intelligence feeds to identify suspicious email addresses or infrastructure linked to DPRK operations. Behavioral analytics and user and entity behavior analytics (UEBA) tools should be deployed to detect anomalous activities indicative of insider threats. Network segmentation and the principle of least privilege must be enforced to limit access scope for new hires until their trustworthiness is established. Multi-factor authentication (MFA) and strong identity and access management (IAM) policies are essential to reduce the risk of credential misuse. Organizations should also conduct regular security awareness training focused on social engineering and insider threat risks. Collaboration with national cybersecurity agencies and sharing of threat intelligence related to DPRK campaigns will improve detection and response capabilities. Finally, organizations should audit and monitor outbound data flows to detect potential exfiltration attempts early.


Technical Details

Author: AlienVault
TLP: white
References: https://www.dtexsystems.com/resources/i3-threat-advisory-inside-the-dprk/
Adversary

Indicators of Compromise

Email


Threat ID: 682c992c7960f6956616a8cb

Added to database: 5/20/2025, 3:01:00 PM

Last enriched: 6/19/2025, 6:02:32 PM

Last updated: 8/15/2025, 5:53:12 PM
