Error Messages

Someone shared with me a couple of files that are from the Amnokgang Technology Development Company. You can read more about Amnokgang here: https://www.nonproliferation.org/wp-content/uploads/2018/05/op36-the-shadow-sector.pdf

While the files are interesting, I always love a good error message. So if you see “Don’t joke on me.” as an error message in your software, it probably means that company is working with North Korea.

Old pust.kr Screenshot

Cleaning up years of old screenshots and files, I came across this screenshot for pust.kr (Pyongyang University of Science and Technology). The domain currently doesn’t resolve, but back in 2016, when the site was in the middle of an upgrade, it had this message:

We are currently upgrading our homepage.

Thank you very much for visiting the Pyongyang University of Science and Technology website.

I’m currently upgrading my homepage, so please wait a minute. I’ll see you in a better shape.

Resumes from Pyongyang Gwangmyeon Information Technology Corporation

Found a couple of resumes online from the Pyongyang Gwangmyeon Information Technology Corporation. The interesting thing is that they don’t have names or past employment; they seem to be mostly focused on technical skills and capabilities, and appear to be targeting Russian corporations looking for DPRK workers. Interesting skills in the resumes:

  1. Reverse engineering
  2. Development experience across Windows, Linux, and embedded systems
  3. Programming languages including C/C++, PHP, Python, Java, and web
  4. Secure communications protocols like SSL and TLS are called out
  5. Database admin, specifically mentioning Oracle, MySQL and PostgreSQL

Contact information from the resumes:

  • Company Name: Kwangmen Information Technology Corporation, Pyongyang
  • Email: knic.re.dept@silibank.net.kp
  • Phone Number: 0085-02-18111 Ext. 8024
  • Fax: 0085-02-381-4410
  • Address: Haebangsan-dong, Central District, Pyongyang, DPRK

Resumes:

https://nkinternet.wordpress.com/wp-content/uploads/2024/05/kndr_rezume_1.doc

https://nkinternet.wordpress.com/wp-content/uploads/2024/05/kndr_potencial.doc

Looks like at one point North Korea was helping Russia develop its own version of the Kwangmyong: https://hanber-livejournal-com.translate.goog/2420206.html?_x_tr_sl=ru&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=sc

Unauthenticated Telnet Login for Cisco Devices

Someone shared some notes with me about a Cisco router in 175.45.178.0/24 that was allowing unauthenticated telnet connections:

  1. Multiple Subnets and Network Segmentation: The switch manages traffic across several IP address ranges (172.16.x.x, 172.25.x.x, 175.45.x.x, 192.168.x.x), indicating a complex network setup with multiple segments. This suggests a structured approach to organizing network resources, possibly reflecting different operational areas or security levels within the network.
  2. External Connectivity and Gateway Configuration: The default gateway is set to 172.25.1.25, acting as the primary exit point for traffic intending to reach the internet or an external network. This could indicate where to focus efforts on understanding how traffic flows out of this network and potentially how it’s managed or monitored.
  3. Static Routing to Specific IPs: The presence of static routes, especially those directing traffic to specific IP addresses outside the local subnets (175.45.178.163/32, 175.45.178.164/32, 175.45.178.165/32 via 192.168.10.10), could hint at designated paths for certain types of communications or connections to specific external services or networks. This might offer clues about strategic external connections or the organization of the network’s external communications.
  4. ARP Table Entries: The Address Resolution Protocol (ARP) table entries reveal devices that have been communicating through the switch, providing MAC addresses and corresponding IP addresses. Notably, there’s a mix of local and potentially external IP addresses, giving a snapshot of active devices or servers. This information could be valuable for mapping the network or identifying critical devices within it.
  5. Access Control Lists (ACLs): The existence of an ACL that permits UDP traffic universally might be indicative of specific applications or services that are prioritized within the network, such as streaming or VoIP services. Understanding the role of UDP in this network might reveal operational priorities or specific applications in use.
  6. VLAN Configuration: The detailed VLAN setup shows the network’s logical segmentation, which could correspond to different departments, security zones, or types of traffic. This level of detail provides a clearer picture of the network’s internal organization and possibly its scale and complexity.
  7. Device and Software Information: The device is a Cisco Catalyst 3560V2 running IOS version 12.2(58)SE2.

BGP Change – 175.45.177.0/24

Looks like as of 5:26 AM ET this morning 175.45.177.0/24 was withdrawn and is no longer visible. As of yesterday, this is what I was seeing in that range:

  • kcna.kp – 175.45.177.1
  • 3 nginx servers at 175.45.177.9, 175.45.177.10, and 175.45.177.11
  • 2 star FTP servers at 175.45.177.41 and 175.45.177.42

New Website – Kim Il Sung- Kim Jong Il Foundation

Found this posted on Twitter a few days ago; it is not yet listed on dprkportal.kp.

Re-Signing North Korean Android Apps

In case you run into the same problem I ran into, getting APKs off DPRK phones and not being able to run them on other devices, here are the steps for re-signing:

apktool d -r -s application.apk

# drop the old signature files from the decoded copy
rm -f ./application/original/META-INF/*

# rebuild; this is the step that produces ./application/dist/application.apk
apktool b application

# this replaces application.apk in the working directory, so keep a backup of the original elsewhere
cp ./application/dist/application.apk .

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore application.apk alias_name

zipalign -v 4 application.apk application_aligned.apk

If needed, to generate the cert for signing:

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Obviously you’ll need to install apktool, jarsigner, and zipalign. Replace application.apk with the name of the APK that you’re working with.
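The META-INF clean-up step works because an APK’s v1 (JAR) signature is nothing more than a handful of zip entries (MANIFEST.MF, a *.SF file and a *.RSA/*.DSA/*.EC block), while v2/v3 signatures live in an APK Signing Block that sits in front of the zip central directory and is discarded by any rebuild; jarsigner only produces v1. The Python script below is an added example, not part of the original post, that inspects an APK for both kinds of signature and strips the v1 entries with the standard library alone, so you can confirm what a file carries before and after re-signing. The APK it builds is constructed for the demonstration (placeholder CERT.RSA contents and an empty APK Signing Block with no real signature), not a real app.

```python
import io
import struct
import zipfile

# A v1 (JAR) signature is just zip entries under META-INF/: the manifest,
# a signature file (*.SF) and a signature block (*.RSA/*.DSA/*.EC).
V1_MANIFEST = "META-INF/MANIFEST.MF"
V1_SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")
# v2/v3 signatures live in the APK Signing Block, placed immediately before the
# zip central directory and terminated by this 16-byte magic.
APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
EOCD_SIGNATURE = b"PK\x05\x06"


def _find_eocd(apk_bytes: bytes) -> int:
    """Offset of the End Of Central Directory record (22 bytes + optional comment)."""
    pos = apk_bytes.rfind(EOCD_SIGNATURE, max(0, len(apk_bytes) - (22 + 65535)))
    if pos < 0:
        raise ValueError("not a zip/APK: EOCD record missing")
    return pos


def _central_directory_offset(apk_bytes: bytes) -> int:
    """Central directory offset as stored in the EOCD record."""
    return struct.unpack_from("<I", apk_bytes, _find_eocd(apk_bytes) + 16)[0]


def _is_v1_signature_entry(name: str) -> bool:
    return name == V1_MANIFEST or (
        name.startswith("META-INF/") and name.upper().endswith(V1_SIGNATURE_SUFFIXES)
    )


def entry_names(apk_bytes: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return zf.namelist()


def inspect_signatures(apk_bytes: bytes) -> dict:
    """Report which signature kinds an APK carries: v1 from the *.SF/*.RSA-style
    entries, v2/v3 from the APK Signing Block magic in front of the central directory."""
    v1_files = sorted(
        n for n in entry_names(apk_bytes) if n != V1_MANIFEST and _is_v1_signature_entry(n)
    )
    cd = _central_directory_offset(apk_bytes)
    has_block = cd >= 16 and apk_bytes[cd - 16:cd] == APK_SIG_BLOCK_MAGIC
    return {"v1": bool(v1_files), "v1_files": v1_files, "v2_block": has_block}


def strip_v1_signature(apk_bytes: bytes) -> bytes:
    """Copy of the APK with the v1 signature entries removed (the `rm -f META-INF/*`
    step done on the zip itself). Every other entry is copied as-is. Rewriting the
    zip also drops any APK Signing Block, since it is not a zip entry, so the
    result must be re-signed before it will install."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if _is_v1_signature_entry(info.filename):
                continue
            copy = zipfile.ZipInfo(info.filename, date_time=info.date_time)
            copy.compress_type = info.compress_type
            dst.writestr(copy, src.read(info.filename))
    return out.getvalue()


def build_sample_apk(with_v2_block: bool = True) -> bytes:
    """Constructed toy APK for this demonstration (not a real app): placeholder
    v1 signature entries plus, optionally, an empty APK Signing Block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16)
        zf.writestr(V1_MANIFEST, "Manifest-Version: 1.0\n")
        zf.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\n")
        zf.writestr("META-INF/CERT.RSA", b"\x30\x82" + b"\x00" * 8)  # placeholder, not real PKCS#7
    data = bytearray(buf.getvalue())
    if with_v2_block:
        # Block layout: uint64 size, pairs, uint64 size, magic. The size excludes
        # the first 8 bytes, so an empty pair list gives 8 + 16 = 24.
        block = struct.pack("<Q", 24) + struct.pack("<Q", 24) + APK_SIG_BLOCK_MAGIC
        cd = _central_directory_offset(bytes(data))
        data[cd:cd] = block  # insert in front of the central directory ...
        struct.pack_into("<I", data, _find_eocd(bytes(data)) + 16, cd + len(block))  # ... and fix the EOCD
    return bytes(data)


if __name__ == "__main__":
    apk = build_sample_apk()
    print("before:", inspect_signatures(apk))
    print("after: ", inspect_signatures(strip_v1_signature(apk)))
```

Run it on a real file with `inspect_signatures(open("application.apk", "rb").read())` to see what you are starting from. A point worth checking before the jarsigner step: an app that targets API 30 or later will be refused by Android 11+ if it carries only a v1 signature, in which case apksigner from the Android SDK build-tools (which also ships zipalign) should be used in place of jarsigner; jarsigner and keytool come with the JDK.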