The DPRK group’s attempts to exfiltrate data and install RMM tools by posing as US IT workers are one of several examples that show cross-domain analysis is needed to tackle rising identity-based attacks, according to CrowdStrike’s counter adversary team, as the company reels in the worldwide outage’s wake.
Serious question: how does North Korea train “imposter IT pros”? Are these people working for the government who get access to the www? How do they then develop the skills to be selected as such in the first place? What kind of programming experience is taught in NK?
They actually have a fairly comprehensive training program set up through their “University.” They also mix in foreign contractors, usually from China.
Don’t have an answer to your question – But if you haven’t come across this yet it’s worth a read – https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
I think there’s a Darknet Diaries episode about this.