ZachXBT：朝鲜IT人员操控虚假身份，与Favrr平台68万美元攻击相关

Odaily

Aug 13, 2025

Odaily星球日报讯据 ZachXBT 披露，一名消息人士入侵朝鲜 IT 人员设备，发现其小团队通过 30 多个虚假身份获取开发者职位，使用政府 ID 购买 Upwork 和 LinkedIn 账户，并通过 AnyDesk 开展工作。相关数据包括 Google Drive 导出、Chrome 配置文件及截图。

钱包地址 0 x 78 e 1 与 2025 年 6 月的 Favrr 平台 68 万美元攻击密切相关，更多朝鲜 IT 人员也被识别。团队利用 Google 产品安排任务，购买 SSN、AI 订阅及 VPN 等。部分浏览记录显示频繁使用 Google Translate 翻译韩语，IP 地址为俄罗斯。招聘方的忽视及服务间缺乏协作成为打击此类行为的主要挑战。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2559078196"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2559078196\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2559078196?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-08-13 21:05","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2559078196","market":"us","top_or_hot":-1,"title":"ZachXBT：朝鲜IT人员操控虚假身份，与Favrr平台68万美元攻击相关","media":"Odaily","content":"<html><body><div><p>Odaily星球日报讯 据 ZachXBT 披露，一名消息人士入侵朝鲜 IT 人员设备，发现其小团队通过 30 多个虚假身份获取开发者职位，使用政府 ID 购买 Upwork 和 LinkedIn 账户，并通过 AnyDesk 开展工作。相关数据包括 Google Drive 导出、Chrome 配置文件及截图。</p><p>钱包地址 0 x 78 e 1 与 2025 年 6 月的 Favrr 平台 68 万美元攻击密切相关，更多朝鲜 IT 人员也被识别。团队利用 Google 产品安排任务，购买 SSN、AI 订阅及 VPN 等。部分浏览记录显示频繁使用 Google Translate 翻译韩语，IP 地址为俄罗斯。招聘方的忽视及服务间缺乏协作成为打击此类行为的主要挑战。</p></div></body></html>","source":"odaily_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>ZachXBT：朝鲜IT人员操控虚假身份，与Favrr平台68万美元攻击相关</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nZachXBT：朝鲜IT人员操控虚假身份，与Favrr平台68万美元攻击相关\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-08-13 21:05 北京时间&nbsp;&nbsp;&nbsp;<a href=https://www.odaily.news/zh-CN/newsflash/443256><strong>Odaily</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>Odaily星球日报讯 据 ZachXBT 披露，一名消息人士入侵朝鲜 IT 人员设备，发现其小团队通过 30 多个虚假身份获取开发者职位，使用政府 ID 购买 Upwork 和 LinkedIn 账户，并通过 AnyDesk 开展工作。相关数据包括 Google Drive 导出、Chrome 配置文件及截图。钱包地址 0 x 78 e 1 与 2025 年 6 月的 Favrr 平台 68 ...</p>\n\n<a href=\"https://www.odaily.news/zh-CN/newsflash/443256\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"IE00BZ1G4Q59.USD","symbol_name":"LEGG MASON CLEARBRIDGE US EQUITY SUSTAINABILITY LEADER \"A\"(USD) INC (A)","start_time":0,"source_url":"https://www.odaily.news/zh-CN/newsflash/443256","article_id":"2559078196","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2559078196","pubTimestamp":1755090353,"columns":[],"sourceInfo":{"source_id":"odaily_live","name":"Odaily"},"weMediaInfo":null,"summary":"<div class=\"line-clamp-4 text-custom-000000/70 dark:text-custom-FFFFFF/60 text-18 font-400 tracking-1 leading-40 whitespace-pre-line\"><p>Odaily星球日报讯 据 ZachXBT 披露，一名消息人士入侵朝鲜 IT 人员设备，发现其小团队通过 30 多个虚假身份获取开发者职位，使用政府 ID 购买 Upwork 和 LinkedIn 账户，并通过 AnyDesk 开展工作。相关数据包括 Google Drive 导出、Chrome 配置文件及截图。</p><p>钱包地址 0 x 78 e 1 与 2025 年 6 月的 Favrr 平台 68 万美元攻击密切相关，更多朝鲜 IT 人员也被识别。团队利用 Google 产品安排任务，购买 SSN、AI 订阅及 VPN 等。部分浏览记录显示频繁使用 Google Translate 翻译韩语，IP 地址为俄罗斯。招聘方的忽视及服务间缺乏协作成为打击此类行为的主要挑战。</p></div>","collect":0,"end_time":0,"defaultTopTitle":"odaily.news","property":[],"viewcount":null,"language":"zh","relate_stocks":{"IE00BZ1G4Q59.USD":"LEGG MASON CLEARBRIDGE US EQUITY SUSTAINABILITY LEADER \"A\"(USD) INC (A)","LU0082616367.USD":"摩根大通美国科技A（dist）","LU0878866978.SGD":"First Eagle Amundi International AHS-QD SGD-H","LU2191332357.HKD":"SCHRODER ISF SUSTAINABLE MULTI-ASSET INCOME \"A\" (HKDHDG) INC","SG9999017495.SGD":"UGDP UNITED GLOBAL QUALITY GROWTH \"B\" (SGD) ACC","VPN":"Global X Data Center REITs & Digital Infrastructure ETF","LU2236285917.USD":"ALLIANZ GLOBAL INCOME \"AMG\" (USD) INC","LU2750360997.AUD":"INVESCO GLOBAL EQUITY INCOME ADVANTAGE \"A\" (AUDHDG) INC","LU0061474960.USD":"天利环球焦点基金AU Acc","LU1267930573.SGD":"TEMPLETON GLOBAL \"AA\" (SGD) ACC A","LU0683600562.USD":"AB SELECT US EQUITY \"A\" (USD) ACC","LU2463028550.USD":"AB SICAV I AMERICAN MULTI-ASSET PORTFOLIO \"A\" (USD) ACC","LU1989764664.SGD":"CPR Invest - Global Disruptive Opportunities A2 Acc SGD-H","GOOGL":"谷歌A","LU2111349929.HKD":"ALLIANZ GLOBAL SUSTAINABILITY \"AM\" (HKD) INC","LU0792757196.USD":"TEMPLETON SHARIAH GLOBAL EQUITY FUND \"A\" (USD) ACC","LU0985320562.USD":"NORDEA 1 GLOBAL STARS EQUITY \"BP\" (USD) ACC","LU0787776722.HKD":"AB SELECT US EQUITY PORTFOLIO \"A\" (HKD) ACC","LU2275660780.HKD":"SCHRODER ISF GLOBAL CLIMATE CHANGE EQUITY \"A\" (HKD) ACC","IP":"国际纸业","IE00BFXG0V08.USD":"BNY MELLON GLOBAL LEADERS \"B\" (USD) ACC","LU2357305700.SGD":"Allianz Global Artificial Intelligence ET H2-SGD","LU1934455194.USD":"AB SICAV I LOW VOLATILITY TOTAL RETURN EQUITY PORT \"A\" (USD) ACC","LU0942090050.USD":"UBS (LUX) EQUITY SICAV - US TOTAL YIELD SUSTAINABLE \"P\" (USD)  INC","USJW.SI":"ALPHAB 3xLongSG261006","BK4136":"纸材料包装","LU2361044949.HKD":"WELLINGTON US QUALITY GROWTH \"A\" (HKD) ACC","LU2471134952.CNY":"INVESCO GLOBAL EQUITY INCOME ADVANTAGE \"A\" (CNYHDG) INC","LU2552382058.USD":"WELLINGTON US BRAND POWER \"A\" (USD) ACC","LU1934455863.HKD":"AB SICAV I LOW VOLATILITY TOTAL RETURN EQUITY PORT \"A\" (HKD) ACC","LU0314104364.USD":"MANULIFE GF AMERICAN GROWTH \"AA\" (USD) INC","LU2552382132.HKD":"WELLINGTON US BRAND POWER \"A\" (HKD) ACC","LU0648000940.SGD":"Natixis Harris Associates Global Equity RA SGD","LU1481600234.SGD":"THREADNEEDLE (LUX) UK EQUITY INCOME \"ASC\" (SGDHDG) INC","BK4592":"伊斯兰概念","LU1303367103.USD":"摩根大通多经理另类基金 A (acc)","LU0289941410.SGD":"AB FCP I Dynamic Diversified AX SGD","LU0345774391.USD":"NINETY ONE GSF AMERICAN FRANCHISE \"A\" (USD) ACC","LU1280957306.USD":"THREADNEEDLE (LUX) US CONTRARIAN CORE EQUITIES \"AUP\" (USD) INC","LU0225283273.USD":"SCHRODER ISF GLOBAL EQUITY ALPHA \"A\" (USD) ACC","LU0943347566.SGD":"安联收益及增长平衡基金AM H2-SGD","LU2247934214.USD":"FIDELITY FUNDS SUSTAINABLE FUTURE CONNECTIVITY \"A\" (USD) ACC","GOOG":"谷歌","LU2746668461.USD":"MANULIFE DYNAMIC LEADERS \"AA\" (USD) ACC","LU0786609619.USD":"高盛全球千禧一代股票组合Acc","LU0820562030.AUD":"ALLIANZ INCOME AND GROWTH \"AMH2\" (AUDHDG) H2 INC","LU2092937148.SGD":"Blackrock ESG Multi-Asset A8 SGD-H","IE00BKPKM429.USD":"NEUBERGER BERMAN GLOBAL SUSTAINABLE EQUITY \"A\" (USD) ACC","BK4598":"佩洛西持仓","LU0310800965.SGD":"FTIF - Templeton Global Balanced A Acc SGD"},"translate_title":"ZachXBT: North Korean IT personnel manipulate false identities, linked to $680,000 attack on Favrr platform","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"VPN":1,"GOOG":1,"USJW.SI":0.6,"IP":1,"GOOGL":1},"content_text":"Odaily星球日报讯 据 ZachXBT 披露，一名消息人士入侵朝鲜 IT 人员设备，发现其小团队通过 30 多个虚假身份获取开发者职位，使用政府 ID 购买 Upwork 和 LinkedIn 账户，并通过 AnyDesk 开展工作。相关数据包括 Google Drive 导出、Chrome 配置文件及截图。钱包地址 0 x 78 e 1 与 2025 年 6 月的 Favrr 平台 68 万美元攻击密切相关，更多朝鲜 IT 人员也被识别。团队利用 Google 产品安排任务，购买 SSN、AI 订阅及 VPN 等。部分浏览记录显示频繁使用 Google Translate 翻译韩语，IP 地址为俄罗斯。招聘方的忽视及服务间缺乏协作成为打击此类行为的主要挑战。","kind":"live","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}