NICKEL TAPESTRY Infrastructure Associated with Crowdfunding Scheme

2025-01-15 Secureworks

https://www.secureworks.com/blog/nickel-tapestry-infrastructure-associated-with-crowdfunding-scheme

Secureworks links NICKEL TAPESTRY's North Korean IT worker operations to infrastructure that also appeared in a 2016 IndieGoGo crowdfunding scam. The report cites OFAC-designated Yanbian Silverstar and Volasys Silver Star, FBI evidence that freelancer accounts were accessed from 36.97.143[.]26 in Jilin, China, and historical WHOIS data for silverstarchina.com. The same registrant email and Yanbian street address appeared on kratosmemory.com, which was later tied to the Kratos portable wireless memory campaign whose backers reported never receiving products or refunds. Secureworks treats the overlap as evidence that DPRK-linked operators experimented with earlier revenue schemes before more mature IT worker operations.

Indicators of Compromise

Type    Value                First Seen  Last Seen
DOMAIN  silverstarchina.com  2025-01-15  2025-01-15
DOMAIN  kratosmemory.com     2025-01-15  2025-01-15
IPv4    36.97.143.26         2025-01-15  2025-01-15
