{
	"id": "db01b334-b0e3-4385-98a4-44ea28d8f15f",
	"created_at": "2026-04-06T00:16:42.918145Z",
	"updated_at": "2026-04-10T03:28:19.492801Z",
	"deleted_at": null,
	"sha1_hash": "a0b114d1f44dc533a3dea8b84338a67dc754a895",
	"title": "SkidSec Hacker Group Announces Plans to Spread North Korean Propaganda Through Hacked Printers in…",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1342175,
	"plain_text": "SkidSec Hacker Group Announces Plans to Spread North Korean\r\nPropaganda Through Hacked Printers in…\r\nBy Criminal IP\r\nPublished: 2023-12-03 · Archived: 2026-04-05 13:33:49 UTC\r\nPress enter or click to view image in full size\r\nSkidSec Hacker Group Announces Plans to Spread North Korean Propaganda\r\nThrough Hacked Printers in South Korea\r\nOn November 29, SkidSec hacker group announced its intentions on Telegram to attack exposed printers in South\r\nKorea to spread North Korean propaganda. North Korean propaganda refers to leaflets and other materials\r\ndesigned to promote North Korean ideas and criticize the South. According to the sudden announcement of the\r\nattack, it appears that the scheme is to attack all vulnerable printers in South Korea this upcoming\r\nweekend, printing and spreading North Korean propaganda.\r\nhttps://medium.com/@criminalip/skidsec-hacker-group-announces-plans-to-spread-north-korean-propaganda-through-hacked-printers-in-fdd314178dc4\r\nPage 1 of 6\n\nExample of a North Korean propaganda poster\r\nSource: Article on Vox\r\nHow SkidSec Hacker Group Plans to Attack Printers in South Korea to Spread\r\nNorth Korean Propaganda\r\nThe attack method announced on Telegram is to use the network and system security intelligence gathering\r\nservice ‘Censys’ to locate and connect to exposed Internet Printing Protocol (IPP) HP printers in South Korea and\r\nprint North Korean propaganda posters.\r\nHow to Hack Printers in South Korea to Spread North Korean Propaganda\r\n1. Connect to Censys.\r\n2. In the search bar, paste ((services.software.product=JetDirect) and services.service_name=IPP) and\r\nlocation.country=’South Korea’.\r\n3. Use the open IPP (Internet Printing Protocol) to print North Korean propaganda posters.\r\nhttps://medium.com/@criminalip/skidsec-hacker-group-announces-plans-to-spread-north-korean-propaganda-through-hacked-printers-in-fdd314178dc4\r\nPage 2 of 6\n\nSearching on “Censys” with their disclosed methods reveals thousands of printers in South Korea connected to the\r\ninternet. However, it is expected to be difficult to attack printers that require authentication. Printers without an\r\nauthentication process are more susceptible to falling victim to unwillingly printing North Korean propaganda\r\nposters.\r\nGet Criminal IP’s stories in your inbox\r\nJoin Medium for free to get updates from this writer.\r\nRemember me for faster sign in\r\nThe hacker group even said it would pay out Monero cryptocurrency to the person who attacked and\r\nprinted the most North Korean propaganda posters over the weekend. South Korean companies and\r\ngovernment institutions must act quickly to prevent North Korean propaganda posters from being\r\nunexpectedly printed this upcoming weekend.\r\nhttps://medium.com/@criminalip/skidsec-hacker-group-announces-plans-to-spread-north-korean-propaganda-through-hacked-printers-in-fdd314178dc4\r\nPage 3 of 6\n\nFind Printers in South Korea Exposed on the Internet, Targeted by SkidSec\r\nHacker Group\r\nIn Criminal IP Asset Search, you can enter a query that resembles the attack methods of SkidSec hacker group to\r\nfind exposed printers in South Korea.\r\nSearch Query: HP port: 631 country: KR\r\nPress enter or click to view image in full size\r\nSearching for exposed printers in South Korea targeted by SkidSec hacker group in Criminal IP\r\nAsset Search\r\nSearch results show more than 2,000 exposed printers vulnerable as attack targets.\r\nTo further identify the attack targets, you can check the AS Name statistics of the servers with exposed printers.\r\nPress enter or click to view image in full size\r\nhttps://medium.com/@criminalip/skidsec-hacker-group-announces-plans-to-spread-north-korean-propaganda-through-hacked-printers-in-fdd314178dc4\r\nPage 4 of 6\n\nAS Name statistics of exposed printer servers searched in Criminal IP Element Analysis\r\nChecking the same query on Element Analysis provides AS Name statistics, showing that South Korean\r\ntelecommunications company KT (Korea Telecom) has the most exposed devices. This is due to households and\r\ncorporate institutions in South Korea conventionally using KT IP addresses.\r\nHowever, upon closer examination of the AS Name statistics, it reveals the inclusion of universities and\r\nbusinesses.\r\nHow to Prevent Vulnerabilities in Exposed Printers\r\nInitially, the SkidSec hacker group’s announcement of printing North Korean propaganda posters may seem not\r\nvery threatening, let alone menacing. However, exposed printer devices are also prone to leaking other important\r\ninformation in internal systems and servers. Therefore, organizations operating such exposed printers should\r\nquickly inspect their attack surface and take measures to prevent the printers from further exposure.\r\nRemoving threats of an exposed attack surface is fairly simple. This can be done by closing open ports or\r\nmodifying weak authentication settings to block external access.\r\nThis report is based on data from Criminal IP, a Cyber Threat Intelligence search engine.\r\nCreate a free Criminal IP account today to access the search results cited in the report and search for more\r\nextensive threat Intelligence.\r\nSource: Criminal IP (https://www.criminalip.io)\r\nhttps://medium.com/@criminalip/skidsec-hacker-group-announces-plans-to-spread-north-korean-propaganda-through-hacked-printers-in-fdd314178dc4\r\nPage 5 of 6\n\nSource: https://medium.com/@criminalip/skidsec-hacker-group-announces-plans-to-spread-north-korean-propaganda-through-hacked-printers-in-fdd314178dc4\r\nhttps://medium.com/@criminalip/skidsec-hacker-group-announces-plans-to-spread-north-korean-propaganda-through-hacked-printers-in-fdd314178dc4\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"references": [
		"https://medium.com/@criminalip/skidsec-hacker-group-announces-plans-to-spread-north-korean-propaganda-through-hacked-printers-in-fdd314178dc4"
	],
	"report_names": [
		"skidsec-hacker-group-announces-plans-to-spread-north-korean-propaganda-through-hacked-printers-in-fdd314178dc4"
	],
	"threat_actors": [
		{
			"id": "1ea1bb1c-12f2-4af9-8734-0080c376c02c",
			"created_at": "2024-10-08T02:00:04.457708Z",
			"updated_at": "2026-04-10T02:00:03.720292Z",
			"deleted_at": null,
			"main_name": "SkidSec",
			"aliases": [
				"SkidSec Leaks"
			],
			"source_name": "MISPGALAXY:SkidSec",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434602,
	"ts_updated_at": 1775791699,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a0b114d1f44dc533a3dea8b84338a67dc754a895.pdf",
		"text": "https://archive.orkl.eu/a0b114d1f44dc533a3dea8b84338a67dc754a895.txt",
		"img": "https://archive.orkl.eu/a0b114d1f44dc533a3dea8b84338a67dc754a895.jpg"
	}
}