Tracking DPRK Cyber Operators' IPs via Compromised Mailboxes

The post references a blog article detailing a method to track North Korean (DPRK) cyber operators' IP addresses over time by monitoring compromised mailboxes. The technique involves analyzing email metadata and login patterns to identify and correlate operator activity. The blog provides examples of observed IP addresses linked to DPRK threat actors.