In December, cybersecurity researcher Nick Roy discovered a misconfigured cloud server on a North Korean IP address containing thousands of animation files, including cells, videos, and project notes, indicating North Korean involvement in major international TV shows. The findings, detailed in a report by the Stimson Center"s 38 North Project and Google-owned security firm Mandiant, suggest a means for North Korea to evade sanctions through skilled IT and tech workers.
As reported by Wired, North Korea"s tightly controlled internet landscape, with limited access and stringent monitoring, contrasts starkly with the discovery of a regularly updated exposed cloud server, which likely facilitated collaboration between North Korean animators, as suggested by Martyn Williams, a senior fellow on the 38 North Project. This active digital presence within the otherwise restricted online environment, raises questions about the regime"s digital activities and potential avenues for evading sanctions.
Analysis of the discovered files revealed editing comments and instructions primarily in Chinese, translated into Korean, with detailed anime images and video clips. Identified shows included content from Amazon"s Invincible, which is produced by California-based Skybound Entertainment, and Max and Cartoon Network show Iyanu: Child of Wonder, produced by YouNeek Studios, among others.
Sanctions imposed on North Korea prohibit US companies from collaborating with DPRK entities due to human rights violations and nuclear activities. Despite this, researchers suggest that companies involved in the TV shows are likely unaware of North Korean animators" involvement. They speculate that any contracting arrangement would be several steps removed from the primary producers, thus avoiding direct violation of sanctions or laws.
Spokespersons for Amazon and Max declined to comment, while YouNeek Studios did not respond to inquiries. However, a spokesperson from Skybound Entertainment stated:
We do not work with North Korean companies, or Chinese companies on Invincible, or any affiliated entities, and have no knowledge of any North Korean or Chinese companies working on Invincible. We take any claims very seriously and have commenced an investigation into this.
Williams suggests that a front company in China may be employed to conceal North Korean involvement in the animation work. Despite most connections to the exposed server being obscured by VPNs, analysis revealed access from Spain and three Chinese cities known for North Korean-operated businesses and overseas IT workers.
Although no identifiable North Korean organization names were found in the files, it"s notable that April 26 Animation Studio, also known as SEK Studio, has a longstanding presence in North Korea. However, the US Treasury Department has sanctioned SEK Studios and associated individuals for using front companies to evade sanctions, with many linked to China. These actions underscore concerns about illicit financial activities and deception within the global animation industry.
Michael Barnhart, a researcher at Mandiant, highlighted the financial motive behind such activities, suggesting they serve to bolster North Korea"s coffers. He warned of the merging roles between North Korean IT workers and individuals who are members of known hacking groups or classified as advanced persistent threats (APTs), urging heightened vigilance among companies.
This investigation into North Korea"s clandestine animation efforts underscores the complex interplay between technology, geopolitics, and international security.