top | item 45157675

(no title)

jamedjo | 5 months ago

> Attribution Scenarios: Option A: DPRK Operator Embedded in PRC

> Use of Korean language, OCR targeting of Korean documents, and focus on GPKI systems strongly suggest North Korean origin.

I'm don't follow how needing OCR to read Korean documents points to them being North Korean?

Could also point in the opposite direction of them needing to copy the text for translation.

discuss

Thorrez|5 months ago

Their shell history shows them using OCR tools. AFAIK it doesn't show them using translation tools.

RT-Saber|5 months ago

Actually KIM was also using Google Translate (discovered through his browsing history)

jamedjo|5 months ago

Fair, and appears I missed the first part "Use of Korean language".

The OCR still tells us more about the target than the actor, but I guess they are suggesting the choice of target itself is the indicator.

RT-Saber|5 months ago

We believe KIM is Chinese but working for both Chinese and North Korean interests/governments, he speaks only very little Korean, he translates Korean websites into simplified Chinese using Google Translate and use OCR to translate Korean documents into Chinese.