How the "Kim" dump exposed North Korea's credential theft playbook

158 points | posted by notmine1337 | 22 comments | 9/6/2025, 7:14:26 PM | dti.domaintools.com

Comments (22)

sgnelson · 2h ago
This is interesting due to the tying of DPRK and PRC. It seems hard to say how much coordination there is between the two, but whatever it is, it appears to be greater than zero. While not necessarily surprising, I wonder if this public attribution will make it harder for the PRC to deny involvement with both the DPRK's efforts and their own.
jmyeet · 2h ago
I don't think Chinese support for NK has ever been a secret any more than the US support for South Korea has. And it's in China's backyard so they've got way more of an excuse.

And if you think that doesn't matter, look at the Monroe Doctrine [1].

Taken further, the so-called Cuban Missile Crisis should really be called the Turkey Missile Crisis. The US (through NATO) placed Jupiter nuclear MRBMs in Turkey, only hundreds of miles from Moscow. The USSR responded by doing the exact same thing, by placing nuclear weapons in Cuba. And the US almost started World War 3 over it.

It was the USSR who stepped back from the brink and, as a result of a secret agreement, the Jupiter MRBMs were quietly removed from Turkey [2].

[1]: https://en.wikipedia.org/wiki/Monroe_Doctrine

[2]: https://www.wilsoncenter.org/blog-post/jupiter-missiles-and-...

churchill · 1h ago
Why is this comment downvoted? You have the right to see China, USSR and NK as immoral regimes but there's nothing non-factual here.
charonn0 · 1h ago
The topic is cybercrime and espionage, not nuclear brinksmanship or colonialism. Whatever parallels can be drawn don't seem to be very relevant, so the comment comes off as an attempt to deflect criticism.
kace91 · 1h ago
Maybe it wasn't clear, but I think the comment is explaining the importance for superpowers of keeping their immediate surroundings politically aligned - China wants NK on their side for the same reason neither the US nor the USSR wanted nukes on their doorstep.
delichon · 56m ago
To a tribalist any explanation of enemy behavior other than malevolence is considered a justification and therefore perfidy.
mopsi · 11m ago
It's run-of-the-mill propaganda that half the internet has been flooded with. About 70-90% of its content is indeed factual, which is precisely what gives the rest its potency.
lawgimenez · 1h ago
I believe these are the hackers responsible for this leak: https://phrack.org/issues/72/7_md#article
hexpeek · 12m ago
I’ve heard that in North Korea it is difficult for ordinary people to learn or own a computer. It is assumed that a small number of elite operatives are selected and trained to carry out such tasks, and it is somewhat surprising that they possess the latest technology and conduct hacking.
tremon · 2h ago
> The dump also revealed reliance on GitHub repositories known for offensive tooling. TitanLdr, minbeacon, Blacklotus, and CobaltStrike-Auto-Keystore were all cloned or referenced in command logs.

What's the rationale for allowing the development of offensive tooling on github? Is this a free-speech thing, or are these repositories relevant for scientific research in some way?

StrauXX · 2h ago
They are heavily used in penetration tests and red teaming engagements. Banning such tools from the public just mystifies attackers' ways to defenders, while not in any way hindering serious malicious actors. We had that discussion back in the 90s and early 2000s.
freedomben · 1h ago
Agreed. Plus it's not always a clear line between offensive and legitimate usage. For many years nmap was banned on most corporate networks, but it's an invaluable tool for legitimate use too, despite being useful for offensive cases as well.
laveur · 2h ago
I think they get heavily used by security researchers, and other people that do regular Penetration Testing.
traverseda · 2h ago
What alternative do you suggest?
immibis · 1h ago
I think they're wondering why GitHub doesn't report these to law enforcement and their creators don't go to prison.

Not sure about US law, but in Germany, creating or possessing a hacking tool (including things like nmap) is a criminal offence.

rpdillon · 1h ago
Wait, installing nmap on your laptop from a Linux distribution's repositories is a crime in Germany?
to11mtm · 1h ago
Not really, so long as you don't use it for anything 'bad'. i.e. if you're just running against your local network, who's gonna report it?
kulahan · 1h ago
In the US you’re allowed to have pretty much whatever code you want on your computer, obviously excepting binary representations of illegal photo/video content.

How do they even enforce it? Or is it just an extra law to throw at someone already convicted of something?

kace91 · 1h ago
> Not sure about US law, but in Germany, creating or possessing a hacking tool (including things like nmap) is a criminal offence.

Surely that must be wrong, are security certs not a thing in Germany?

aussieguy1234 · 1h ago
That's a fairly detailed analysis of an APT workflow.

Now, non-APT actors, if they wanted to up their level of sophistication, might replicate some of these workflows for their own nefarious activities.

jmyeet · 1h ago
So this is interesting from a technical perspective. Some of this infrastructure is used by pen testers and the likes, which just goes to show that there is no such thing as a defensive weapon. I'll let you ponder why that might be pertinent.

Unfortunately, it quickly turns into a discussion of how bad NK and China are and how China shouldn't support NK (because, again, they're bad).

I'll offer two words to expose the hypocrisy of this: Stuxnet, Pegasus.