North Korean IT Farms IoC Document and Recommendations

2025-01-26 Farnsworth Intelligence

https://www.farnsworthintelligence.com/north-korean-it-farms-ioc-document-and-recommendations


Farnsworth Intelligence lists IP addresses allegedly used by North Korean IT-worker farms to connect into U.S. companies through remote desktop tooling, including RustDesk and AnyDesk-style access. The source warns that the operators also abuse legitimate collaboration platforms such as Webex and Microsoft Teams take-control features, which can make activity harder for endpoint tools to distinguish from normal remote support. It recommends filtering for the listed IPs and known AstrillVPN ranges, watching for work-hour connections from high-risk geographies, and adding stronger in-person or video identity checks for remote hires.

Indicators of Compromise

