惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
Attack and Defense Labs
Attack and Defense Labs
V2EX - 技术
V2EX - 技术
O
OpenAI News
S
Secure Thoughts
H
Heimdal Security Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Schneier on Security
Schneier on Security
H
Hacker News: Front Page
S
Security Affairs
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Vercel News
Vercel News
Microsoft Security Blog
Microsoft Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
P
Proofpoint News Feed
The Register - Security
The Register - Security
GbyAI
GbyAI
Cloudbric
Cloudbric
MongoDB | Blog
MongoDB | Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
Forbes - Security
Forbes - Security
Y
Y Combinator Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Scott Helme
Scott Helme
Hacker News - Newest:
Hacker News - Newest: "LLM"
The Cloudflare Blog
Recorded Future
Recorded Future
人人都是产品经理
人人都是产品经理
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Webroot Blog
Webroot Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LangChain Blog
T
Tor Project blog
Microsoft Azure Blog
Microsoft Azure Blog
博客园_首页
Hacker News: Ask HN
Hacker News: Ask HN
Blog — PlanetScale
Blog — PlanetScale
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog RSS Feed
N
News and Events Feed by Topic
阮一峰的网络日志
阮一峰的网络日志
I
Intezer
V
V2EX
T
Tailwind CSS Blog
SecWiki News
SecWiki News
NISL@THU
NISL@THU
C
Check Point Blog

North Korean Internet

DPRK Captive Portal Infrastructure Found in Testing More Fake Devs, More Fake Companies: vexxloso and Nixsora.com npm Malware, Fake Devs, and Deepfake Videos: These Are A Few of My Favorite DPRK Things Made for Export: North Korea’s Software Catalog Kwangmyong Additional Notes on the Trevor Greer Infostealer Logs Hunting For North Korean Fiber Optic Cables Unboxing the Arirang 182 – A North Korean Feature Phone Hangro: Investigating North Korean VPN Infrastructure Part 2
DPRK Infrastructure Update
nick · 2025-11-20 · via North Korean Internet

While it’s pretty well known that the DPRK is assigned ASN131279 there are a handful of other ranges that they seemingly have access to. Based on the names these appear to be assigned to the DPRK via Russia TransTelekom

CIDRASNNetnameCompany
62.33.81.0/2420485KPOST-NETTTK-DV
80.237.84.0/2420485KPOST-NETTTK-DV
188.43.88.0/2420485KPOST-NETTTK-DV
188.43.136.0/2420485KPOST-NET2TTK-DV

And while not as explicitly named they are also using

45.126.3.0/24134544Cenbong Int’l Holdings

These make sense as both 20485 and 134544 are upstream peers of ASN 131279

There are also a handful of other ranges that they are leveraging. The first two are also part of TTK and the final one I haven’t seen evidence of being in use but the abuse contact email for the IPs are postmaster@silibank.com and the company listed is Liaoning Clear channel data Communication, Inc which is right over the border from the DPRK in China.

80.237.87.0/2420485SKYFREIGHT-NET
83.234.227.0/2420485SKYFREIGHT-NET
218.25.43.208/284837China Unicom

Now, I’ve been working on some more detailed infrastructure write ups but one thing that stood out last year was a note on an ITW account that listed information about proxying traffic via Russia and Hong Kong. Note is below:

The following IPs are also used for traffic leaving the country via NetKey/OConnect

  • 45.126.3.252
  • 83.234.227.41

Discover more from North Korean Internet

Subscribe to get the latest posts sent to your email.