> And how sure are you these weren't random hackers or trolls, but actual NK agents?
"Agents" is way too big of a word. Just cogs in a corporate theft machine.
There's a lot of reasons I'm sure, but the biggest is because before a hack they asked for help doing something simple with a crypto address that was later used to test run the 50 million dollar theft that was North Korea. And also trying to drop North Korean linked malware is another data point.
This also hits my point about both dangerous and amateurs. They pulled off pretty sophisticated heist but, had to ask for help, asked for help using a crypto address tied to the theft, and blew the cover on an identity they had been building up for a year.
Here's a twitter thread I put together of both my conversation and others with this particular account:
"Agents" is way too big of a word. Just cogs in a corporate theft machine.
There's a lot of reasons I'm sure, but the biggest is because before a hack they asked for help doing something simple with a crypto address that was later used to test run the 50 million dollar theft that was North Korea. And also trying to drop North Korean linked malware is another data point.
This also hits my point about both dangerous and amateurs. They pulled off pretty sophisticated heist but, had to ask for help, asked for help using a crypto address tied to the theft, and blew the cover on an identity they had been building up for a year.
Here's a twitter thread I put together of both my conversation and others with this particular account:
https://x.com/danielvf/status/1905642180749775189