A recent discovery of a poorly configured cloud server in North Korea has shed light on the secretive world of North Korean animation outsourcing and the challenges foreign companies face in ensuring they do not inadvertently violate sanctions.
A Window into North Korean IT Operations
The investigation began after the discovery of a cloud storage server with a North Korean IP address that was no longer active. The server’s misconfiguration allowed public access, revealing a constant stream of files related to animation projects being sent and received.
North Korea uses such cloud servers as a workaround to the restricted internet access within the country. In most organizations, only a few designated computers have internet access, which is closely monitored and controlled.
The server was first noticed by a blogger specializing in North Korean internet activities, and observations continued throughout January. Daily uploads revealed detailed instructions for animation projects and subsequent completed works. While the identity of those uploading the files remained unknown, instructions often included Chinese annotations alongside Korean translations, indicating the involvement of intermediaries between the animators and external production companies.
The Trail Leads to Pyongyang
Documents suggested that the primary contributor was likely the April 26 Animation Studio, North Korea’s most prestigious animation house based in Pyongyang. Known for producing content for both domestic audiences and international clients, the studio has been previously involved with various international collaborations.
Exploring Server Access and International Implications
Further investigation into the server’s access logs by a prominent cybersecurity firm revealed connections from various global IP addresses, including some from VPN services, Spain, and particularly from Liaoning Province in China—a region known for its proximity to North Korean operations.
Diverse Animation Projects Uncovered
The files on the server spanned a range of animation projects, hinting at the involvement of several North Korean animators. Notable projects included:
- The third season of “Invincible,” an Amazon Original series.
- “Iyanu, Child of Wonder,” an upcoming superhero anime set for release on HBO Max.
- “Dahliya In Bloom,” a Japanese anime series.
- Various other projects including potential work on popular children’s series and undisclosed projects with instructions in Chinese and Russian related to diverse themes.
Due Diligence and Compliance Challenges
The incident highlights the ongoing challenges faced by international companies in vetting their subcontractors to ensure compliance with U.S. and United Nations sanctions. The U.S. government has repeatedly warned about the risks of employing North Korean workers who might disguise their true location using sophisticated means such as VPNs. Companies are advised to implement robust verification processes to confirm the identities and locations of their remote workers to avoid inadvertently supporting North Korean enterprises through global IT outsourcing.
This case underlines the importance for companies involved in international production to deeply scrutinize every link in their supply chain to ensure compliance with international laws and avoid unintentional breaches of sanctions.