The article discusses the acquisition of a .kp domain and the implications of VPN usage in North Korea, particularly focusing on a software called Hangro that may serve as a VPN. It explores the IP infrastructure associated with Hangro, its connections to North Korean nationals, and its potential uses for email communication within the country.
Affected Platform: North Korea
Key points:
- A user on the webdev subreddit successfully acquired a .kp domain but noted the necessity of a VPN to access it.
- Most VPN providers claiming to operate in North Korea offer false IP geolocation.
- Hangro is speculated to function as a VPN for users outside North Korea.
- The IP infrastructure for Hangro includes addresses in both North Korea and Russia.
- Hangro’s possible uses include facilitating email communication within North Korea.
- Jo Myong Chol, a North Korean national, is linked to the registration of hangro.net.
- Hangro software reportedly disables external emails and is used for communication between North Korean authorities and companies.
- North Korean trading companies must pay to use Hangro.
MITRE Techniques:
- TA0040: Resource Development – Hangro software is potentially used for establishing a controlled communication channel for North Korean authorities.
- TA0006: Credential Dumping – The software may facilitate the management of email credentials specific to North Korean users.
- TA0009: Collection – Hangro is used for collecting and managing email communications within North Korea.
Indicators of Compromise:
- [IP Address] 175.45.176.21
- [IP Address] 175.45.176.22
- [IP Address] 175.45.176.32
- [IP Address] 188.43.136.115
- [IP Address] 188.43.136.116
- Check the article for all found IoCs.
Full Research: https://nkinternet.wordpress.com/2025/01/06/hangro-north-korean-vpn-infrastructure/