Found this posted on twitter a few days ago, not yet listed on dprkportal.kp

North Korea has launched a new #website!

The website, https://t.co/jd2KzfOmgL appeared in early July and serves as the homepage of the #KimIlSung–#KimJongIl Foundation (KKF). The KKF used to be hosted on Naenara, until recently.

The new website resembles its predecessor. pic.twitter.com/GCSZkrd5wc

— North Korean Archives and Library (NKAAL) (@NorthNKAAL) July 24, 2023

In case you run into a similar problem that I ran into on getting apks off DPRK phones and not being able to run them on other devices. Here’s the steps for re-signing

apktool d -r -s application.apk

cd ./application/original/META-INF
rm -f *
cp ./application/dist/application.apk

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore application.apk alias_name

zipalign -v 4 application.apk application_aligned.apk

If needed to generate the cert for signing:
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Obviously you’ll need to install apktool, jarsigner, zipalign. replace application.apk with the name of the apk that you’re working with.

Looks like a bunch of domains have switched in the last few days and are now resolving to 175.45.177.10 and 175.45.177.11

I admit it’s been a while since all the excitement at the start of the year. I’m still not convinced that the person interviewed in the Wired article was responsible for the attacks, or at the very least if they were they definitely exaggerated their activity.

But, looking forward. Two things that I’ve been working on. One is taking a closer look at North Korean firewalls. The other is a list of 200 star-co.net.kp email addresses which has been an interesting list to search with. I’ll be posting some of the findings from that list.

For example I found this post on vk.com that describes the Nenara Taedongan TV factory which I haven’t seen anywhere else online. Judging based on the contact info and some of the information it appears to be something that can be reasonably trusted. https://vk.com/wall-61269228_2342?lang=en

This has all been very fun to monitor but looks like it’s coming to an end with the Wired article from yesterday. One last interesting thing that I wanted to point out is that I own a domain that is very similar to a popular North Korean domain, minus the .kp tld. It didn’t hit me until a few days later but there are some interesting coincidences in the traffic that I’ve seen on that server and comparing it to the outages on the DPRK websites.

If I can re-use my graph that I created the other day right around the final outage my website that is similar to the DPRK website received over 41,000 requests in the span of a minute and a half. Specifically right around the end of the 2.5 hour gap is when I saw things spin up.

Again, attribution is incredibly difficult and not something that I want to get into at all. But it was a pretty strange coincidence that my very similar domain saw a major spike in traffic at the exact same time that the DDoS against North Korea was occurring. I don’t want to share all of the details publicly but if you are interested, and have a decent use for the data, feel free to send me an email.

About a year ago I received an email from 주전골님 <sealhae@hanmail.net> about investing in North Korea. Below is the full context of the email as well as the JPG’s that were attached.

There’s nothing really interesting in the EXIF data other than the scanned documents have the phrase 형간염검사지 which apparently translates to hepatitis test papers. The only other piece of data that I’ve seen is on the picture with the timestamp in the bottom right corner. The picture was taken with a Digimax i6 PMP, Samsung #11 PMP

Dear    CEO       Senior Researcher          World  HCV , HBV , M/XDR-TB Treatment Natural food manufacturing and production cooperation in your country. We value new therapeutic substances research, collaboration and trust. "Indigenous platform food" is a method for curing viral diseases that cannot be treated with drugs.Safe cell therapy Hepatitis B and C treatment substances co-production. We want to cooperate with you in your home country for the manufacture and production of natural cures. Now there is a need for innovative new methods to treat human blood infection viruses. Use antiviral drugs for the treatment of all viral diseases produces the mutant viral antigen of this disease.To cope with the emergence of another virus in the future, difficulties such as this covid-19 will face national paralysis and crisis The world cannot make blood-borne virus therapeutics.Chemical treatments for blood viruses are ineffective.Viral blood tumor decomposition is a mechanism for treating humans with "natural platform food" that they consume on their own. Symptoms of hepatitis B started 3000 years ago.The reality that treatments have been studied by a chemical approach has never been cured anywhere in the world.Overpurification of Mycobacterium tuberculosis proceeds due to the imbalance in the use of drugs and the imbalance of the nutrients taken.It is the progression of human pain due to the inability of the efficacy of chemical drugs due to the evolution of Mycobacterium tuberculosis.After infection, reduced levels of human immune cells (CD-4 / 8, platelets) are damaged by the aggression capacity of the bacteria.Chemical drugs attack tuberculosis bacteria, but tuberculosis bacteria evolved and turned into viruses during metastasis to the liver.When bacteria spread from the lungs to the liver, the bacteria evolve into viruses.It is a refractory disease that has evolved into a complex infection of a long-term combined viral disease.Therapeutic agents of any chemical combination on the planet are incurable "tolerant" viral diseases. Viral diseases (HIV, HCV, HBV, M / XDR-TB) are simply treated.How to cure viral diseases (HIV, HCV, HBV, M / XDR-TB).1 "Virus killing of infected organs and blood.2 "Recovering and maintaining normal levels of degraded immunecells (CD-4 / 8, platelets) Confirm complete virus kill.3: Identify naturally occurring antibody cells in blood and organs aftertreatment.Live-attenuated Immune Cell Blood , Anti-HBc,Anti-HBs AntibodiesIt is a reliable evidence of the therapeutic effect "natural platform food"Test name ---------------- Test result --------------------- Reference value-- -------------- unitHBsAg -------------------- Neg (<0.05) ------------------- -Neg <0.05- ------------------ IU / mLAnti-HBc ------------------- Pos --------------------------- --11.64 ----------------------- mIU / mLAnti-HBs ------------------- Pos --------------------------- ---- 11.8 --------------------- --mIU / mL Live-attenuated Immune Cell Blood Test Record . Hospital blood test record proved to cure hepatitis with "native platform food" after human virus infection . Blood infection virus treatment is a natural substance that grows naturally in many countries around the world and can be easily collected and manufactured by anyone.0 " I propose to cooperate with you, your company and nutraceutical manufacturers for the manufacture and production of blood virus             ther  apeutics.     Production and manufacture of bioblood virus therapeutics of native substances is very simple.      Natural substances required for the manufacture of therapeutic substances.After infection, immune cells continue to decrease, causing serious severity of blood and organ pain.This therapeutic substance does not conflict with drugs, food, fertilizers, pesticides, chemicals, injections, drugs and lifestyles."natural platform food"  North Korea, North America, Australia, New Zealand, India, China, Vietnam, Myanmar, Laos, and Cambodia have a wide variety of native substances. 0" Liver tissue cells that have fully healed after being infected with  "hepatitis B virus,    Live-attenuated Immune Cell Blood  to provide.    Attachment is HBV cure hospital record of three people,All cure of this treatment mechanism is the role of "natural platform food". With North Korea's investment progress,With stable purchase of minerals necessary for the manufacture of cutting-edge products,Business progress for manufacturing next-generation hydrogen cell products,Thank you. Kim E RangSenior ResearcherResistant Virus Lab

Looks like Wired got to the bottom of the recent outages in North Korea: https://www.wired.com/story/north-korea-hacker-internet-outage/

Now that it doesn’t make much of a difference this was a graph that I created a few days ago to start getting a better idea of when launches and outages were occurring.

As as side note to all of this I’ve spent far too much time in the last few days really digging into North Korea’s internet and the way that they are peering with other networks which probably will require a new post later.

PUST maintains a GitHub account for committing changes to open source projects on GitHub: https://github.com/arirang-pust

A sample commit can be found here: https://github.com/mlpack/mlpack/pull/842

Chat logs from the MLPACK developers discussing the change from PUST: https://www.mlpack.org/irc/mlpack.20161220.html

Blog post from the professor at PUST discussing the changes: https://izbicki.me/blog/teaching-open-source-in-north-korea.html

Associated LinkedIn account for PUST can be found here: https://www.linkedin.com/in/arirang-pust-748483144/

Thanks to the person that submitted this over email!