Program

/

CODE BLUE 2025

Time Table

Behind the Screen: Unmasking North Korean IT Workers' Operations and Infrastructure

DAY 2

14:10-14:50

North Korea deploys sophisticated cyber operations to generate foreign currency through cryptocurrency theft and covert IT worker placements. These funds directly support the Kim regime’s power consolidation and nuclear weapons development.

Our investigation provides unprecedented visibility into these operations’ human elements and organizational structures. Unlike previous research that focused on technical indicators or theoretical attribution, we reveal the operational workflow through advanced OSINT techniques—from sophisticated identity forgery and cover story development to command hierarchies and field operations.

We present actionable intelligence, including social engineering patterns, fake ID creation methods, and detailed playbooks for cultivating cover accounts. This intelligence equips security professionals with practical countermeasures against these sophisticated threat actors and offers rare insights into the actual mechanics of North Korean cyber operations.

  • Location :

    • Track 1(HALL B)

  • Category :

    • CyberCrime

  • Share :

Speakers

  • Stty K の写真

    Stty K

    Stty K

    He works as an Open Source Intelligence Analyst. Previously, he focused on analyzing the Dark Web and is currently working on an analysis of North Korea's cyber activities. He held talks at AVTOKYO 2023, CYBERWARCON 2024 and Black Hat USA 2025 Briefings.