North Korean Hacker Exposes $1M IT Worker Scheme via Malware Mishap

Severity: Medium (Score: 58.0)

Sources: Theblock.Co, Cybernews

Summary

A North Korean operator inadvertently exposed a fraudulent IT worker scheme earning roughly $1 million per month by detonating malware on their own computer. The infection leaked data tied to 390 accounts, including internal chats, browser history, and cryptocurrency payment records. Blockchain investigator ZachXBT analyzed the leaked data and documented an operation built on forged identities and a messaging platform used to coordinate payments. The operation has reportedly generated over $3.5 million since November 2025. The exposed infrastructure appears less sophisticated than that of other DPRK hacking groups, but it fits the well-documented pattern of DPRK nationals posing as remote IT workers to earn revenue for the regime. The data also included discussions about targeting crypto projects, although it remains unclear whether any attacks were actually carried out. U.S. authorities have previously sanctioned individuals linked to similar schemes, which underlines the broader reach of these operations.

Key Points

  • A North Korean operator accidentally exposed an IT worker scheme earning about $1 million per month.
  • Data from 390 accounts revealed forged identities and cryptocurrency payment methods.
  • ZachXBT's findings point to a network that is less sophisticated than other DPRK groups but operationally structured.

Key Entities

  • AppleJeus (malware)
  • TraderTraitor (malware)
  • Malware (attack_type)
  • Ransomware (attack_type)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • Discord (platform)