Astrill VPN: New IPs Publicly Released on VPN Service Heavily Used by North Korean Threat Actors
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
North Korean threat actors, particularly from the Lazarus Group, continue to use Astrill VPN to conceal their IP addresses during attacks. Recent infrastructure and logs from the 'Contagious Interview' subgroup confirmed ongoing use of Astrill VPN in their operations. Google's Mandiant and Recorded Future's Insikt Group have also reported on DPRK threat actors' preference for this VPN service. Silent Push analysts have developed a 'Bulk Data Feed' of Astrill VPN IPs, updated in real time, to help protect against threats. The research includes confirmation of Astrill VPN usage in recent attacks, including the $1.4 billion ByBit heist. A sample list of active Astrill VPN IP addresses is provided, with more comprehensive data available to enterprise users.
OPENCTI LABELS :
apt,north korea,contagious interview,famous chollima,astrill vpn