Misconfigured cloud server leaked clues of North Korean animation scam
The Register
https://www.msn.com/en-us/news/world/misconfigured-cloud-server-leaked-clues-of-north-korean-animation-scam/ar-AA1nukze?ocid=entnewsntp&pc=U531&cvid=f187eb73c1aa43f9b46190bf24268dcb&ei=93
Outsourcers outsourced work for the BBC, Amazon, and HBO Max to the
hermit kingdom
A misconfigured cloud server that used a North Korean IP address has led
to the discovery that film production studios including the BBC, Amazon,
and HBO Max could be inadvertently using workers from the hermit kingdom
for animation projects.
The server – which according to think tank Stimson Center this week is
no longer being utilized – was discovered by the author of NK Internet blog, Nick Roy, in late 2023.
The Stimson Center, together with Roy, analyzed the files that would
appear every day on the server's blog, according to a post on the think tank's blog, 38 North, penned by Martyn Williams.
Many of those files included instructions for animation work and results
of that day’s work, uploaded by unknown individuals. Editing comments
and instructions were frequently written in Chinese, accompanied by a
Korean translation.
"This suggests a go-between was responsible for relaying information
between the production companies and the animators," alleged Williams.
Google-owned cyber security outfit Mandiant had a look at the access
logs and found most logins to the server were done over a virtual
private network (VPN), but there were also three from China and one from Spain.
The researchers were able to identify a few of the projects – including season 3 of Amazon Prime’s “Invincible”, plus Cartoon Network and HBO Max's “Iyanu, Child of Wonder”. Files from BBC's Octonauts were found on the server, but appeared completed, so it is not known if work on the
show was contracted out or if the files were there for other reasons.
Although documents do not explicitly name the organization, the
researchers suspect that the contractor doing the outsourced animation
was Pyongyang-based and state-sponsored animation company April 26
Animation Studio – also known as SEK Studio – which is subject to US sanctions.
"There is no evidence to suggest that the companies identified in the
images had any knowledge that a part of their project had been
subcontracted to North Korean animators," asserted Williams.
He posited that additional relay servers probably exist for North Korean
orgs covertly engaging in other digital work such as software development.
North Korean citizens' efforts to earn money for the regime by posing as
IT workers are well documented. The United States has issued warnings
against the practice and advisories on how to protect against
inadvertently supporting Kim Jong Un's regime and slush fund.
In January, 38 North warned that cloud computing service providers
should take more care against unwittingly renting infrastructure to
North Korea. At the time, the org was more concerned about North Korean access to AI infrastructure than hiring out its citizens as animators.