North Korean spy slips up, reveals ties in fake job interview
An investigation revealed a cluster of North Korean operatives infiltrating the cryptocurrency freelancing market. Cyber threat intelligence expert Heiner Garcia linked a suspected DPRK operative, “Motoki,” to a network of GitHub accounts and fake identities. During a job interview set up by Garcia, Motoki displayed suspicious behavior, struggled with Japanese language skills, and inadvertently shared access to private GitHub repositories associated with another DPRK operative, “bestselection18.” Linguistic analysis suggested Motoki's origins were likely North Korean. Following the interview, Motoki proposed a scheme to remotely access Garcia's computer for work, circumventing VPN restrictions. Subsequent investigations indicated that DPRK operatives pose significant risks to tech recruiters, with estimates suggesting they generate up to $600 million annually for the regime, potentially funding its weapons programs.
