Some file names gave clues to series and episode numbers. There were also files and projects that investigators couldn’t identify, including a “bunch of files” with videos of horses and a Russian book about horses, Williams says.
Sanctions imposed on the North Korean regime for its continued human rights abuses and nuclear war programs prohibit American companies from working with DPRK companies or individuals. However, investigators say it is highly unlikely that the companies involved have any idea about the North Korean animators working on the shows, and there is nothing to suggest the companies violated sanctions or other laws. “It is likely that the contracting agreement was several steps below the major producers,” the report says.
Spokespeople for Amazon and Max’s spokesperson declined to comment for this story. YouNeek Studios did not respond to a request for comment.
“We do not work with North Korean companies or Chinese companies in Invincibleor any affiliated entity, and I am not aware of any North Korean or Chinese companies working on Invincible”says a spokesperson for Skybound Entertainment. “We take any claim very seriously and have launched an investigation into the matter.” in a publish in XThe company characterized the findings as “unconfirmed” and said it is working with authorities to investigate.
Williams says it is possible that a front company in China was used to help disguise the North Koreans’ activity and involvement. Researchers were able to analyze connections to the exposed server and, although most had their location masked by a VPN, they detected access from Spain and three Chinese cities. “The three cities are known to have many North Korean-operated companies and are major hubs for North Korean IT workers living abroad,” the report said.
While Williams says researchers did not find any identifiable names of North Korean organizations buried in the archives, the country does have a well-established animation company called April 26 Animation Studio, which is also known as SEK Study. Originally created in the 1950sThe studio has worked on hundreds of international television shows and films.
However, in recent years, the US Treasury Department has sanctioned SEK Studios, people linked to it, and several “front companies” that it says are used to “working for foreign clients.” Many of them have ties to China, according to sanctions. “SEK Studio has used a variety of front companies to evade sanctions targeting the DPRK government and deceive international financial institutions,” said a statement issued as part of the report. sanctions in 2021 says.
The main goal of these efforts, says Michael Barnhart, a North Korea researcher at Mandiant, is to raise money for the North Korean regime. The country’s hackers and fraudsters have stolen and extorted billions of dollars to help fund their military ambitions in recent years, including through major cryptocurrency heists. At the beginning of 2022, the The FBI issued a 16-page alert warning companies that remote North Korean IT freelancers were infiltrating companies to make money they could funnel home.
“The volume is much higher than we expected,” Barnhart says of North Korean IT workers. They constantly change their tactics to avoid getting caught, he says. “We had one not long ago, where during the interview, the person’s mouth was out of frame. “You could tell that someone deep down was speaking on his behalf.” Technically, Barnhart says, companies should check their remote workers’ devices and make sure there is no remote software connected to a company laptop or network. Companies should also make additional efforts at the hiring stage by training human resources staff to spot potential IT workers.
However, he says, there is increasing crossover between North Korean IT workers and individuals who are members of hacking groups known or classified as advanced persistent threats (APT). “The more we focus on IT workers, the more we start to see APT operators and efforts mixed in with them,” she says. “This could be the fastest, most agile nation-state I have ever seen.”
