Comment by fuzzzerd
NK "fake employee" finds a non-technical American to run their laptop farm by lying to them that running these laptops is helping make their access to some service faster.
These aren't botnets in the traditional sense. These operations need a US-based laptop (they receive it by mail, from the "target" corporation upon employment) and they also need the mini-KVM device to be plugged in. Then the remote agents connect via that KVM, to make detection harder. To an enterprise IDS/IPS the laptop seems connected from a residential, US IP address (expected).
They've already arrested some people involved in this; they have devices as evidence. It's pretty well documented at this point.
Sounds very convoluted.
I'm sure many, many countries have botnets. I have a bunch of those countries which I consider irresponsible and reckless on my radar, not only North Korea.