Skip to content(if available)orjump to list(if available)

Hunting for North Korean Fiber Optic Cables

Hunting for North Korean Fiber Optic Cables

6 comments

·December 8, 2025
Visit

superducktoes

Thanks for sharing my site. Happy to answer any questions

monerozcash

Don't have questions, but your blog is very cool.

A bit over a decade ago I used to spend a lot of time hacking North Korean web infrastructure, I mostly found that they tended to have firewalling around almost all boxes exposed to the global internet and usually had pretty impressive reaction times if you tried to access the country intranet through a compromised web server.

I've always wondered how successful NSA and the likes have been at infiltrating DPRK networks, as it would inherently be fairly easy to detect any sketchy traffic from the outside. I wonder if the recent NYT story essentially confirms that difficulty.

Regarding the NSA and DPRK, there's this document from 2007 least https://www.eff.org/files/2015/02/03/20150117-spiegel-fifth_...

I guess I have a question after all: I'm not exactly clear on how NK treats end-user devices. Do you know if the endpoints used by NK based remote workers have internet and intranet access at the same time? If they do, such an endpoint could offer an easy and stealthy channel to access the intranet.

superducktoes

the end user devices are also really interesting. as far as i know they require a piece of software called netkey or oconnect as it's recently been renamed. that's for getting access inside the country and then for anyone outside they have software called hangro that is similar to a vpn for connecting back to north korea and getting messages

superducktoes

thanks really appreciate that! I've seen that doc before and it does really make me wonder. part of the leaks from the NSA tools years back had some references in there for detecting north koreas ant-virus silivaccine

https://github.com/b30wulf/Malware-collection/blob/4f5906c93...

There was also the hacking team leak from years ago and they were selling exploits for north korea's red star OS: https://nkinternet.wordpress.com/wp-content/uploads/2025/12/...

I assume they've been on their networks in the past but i think North Korea has also done a lot over the years to secure their side. it used to be a lot easier when they left everything as an open directory and didn't realize what they were doing.

metadat

Impressive sleuthing!

It's interesting to discover the reality that packet routing ends up following political affiliations. I didn't know North Korea only has 1,024 IPv4 addresses. Do you know why so few IPs? How did they get them?

monerozcash

DPRK can certainly get however many IP addresses they want, DPRK just doesn't have that much infrastructure that they want externally accessible.

As far as I know, end-user traffic from within North Korea usually does not originate from those few IP addresses. Or at least not visibly so, they might be connecting to a proxy from a DPRK IP address.