Threats Tagged 'sanctions evasion'
View all threats tagged with 'sanctions evasion'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'sanctions evasion'
Click on any threat for detailed analysis and mitigation recommendations
Unmasking DPRK Cyber Threat Actors: Fake IT Worker Infrastructure 0 Investigation of DPRK-linked fake IT worker infrastructure began after cryptocurrency researcher ZachXBT identified domain luckyguys[.]site connected to illicit payments. Analysis of 30 days of network activity associated with IP 163.245.219[.]19 revealed concentrated VPN usage patterns, with Astrill VPN (37.5%), Mullvad (32.25%), and Proton VPN (6.25%) being prominent. American and Latvian residential IPs communicated with the infrastructure, showing frequent Astrill VPN usage and connectivity to Gmail, ChatGPT, and Workana freelance platform. A second IP, 216.158.225[.]144, was discovered through X509 certificate analysis. Traffic dropped sharply following public exposure, consistent with adversary behavior of abandoning attributed infrastructure. The activity suggests a distributed network of remote IT workers participating in sanctions evasion workflows, leveraging AI tools and freelance platforms to obtain employment under false identities. Join the discussion | AlienVault OTX General | 04/23/2026, 03:27:33 UTC Added: 04/23/2026, 09:06:03 UTC |
Showing 1 to 1 of 1 result