Team Cymru - S2 Threat Research
teamcymrus2.bsky.social
Follow us for the latest blogs and IOCs from Team Cymru's S2 Threat Research team.
This ferry service has taken on greater significance in recent months, when a North Korean soldier, taken as a prisoner of war by Ukrainian forces, claimed he had travelled from North Korea into Russia aboard a “Russian cargo ferry”.

kyivindependent.com/zelensky-rel...
'I didn't know who I'd be fighting' — North Korean soldier captured by Ukraine speaks in new footage
The POW said he arrived in Russia on a cargo ferry with over 100 other North Korean soldiers.
April 25, 2025 at 6:01 PM
The IPs in this case, which have entered the public domain in recent days:

188.43.33.250
188.43.33.251

are part of a small cluster assigned to InvestStroyTrest. This company operates a ferry service between North Korea and Russia, maintaining an office in the port of Rajin, KP.
April 25, 2025 at 6:01 PM
This infrastructure was controlled via IPs assigned to Russian #TransTelecom, as pointed out in Trend Micro’s recent analysis. These IPs reside in several ranges (some disclosed publicly, some not) which we have observed in concert with DPRK-linked activity for several years.
April 25, 2025 at 6:01 PM