Ex-Unit 350: Elite cookie ops. Perfect bake temp. No ties to Unit 8200.

Joined April 2022
Pinned Tweet
Vendor: "We uhh, found this vulnerability you should patch" Cookie: Wait, you forgot to mention you discovered this due to active nation-state exploitation and <actor> may had/have full access & pivoted in your network (you're fucked). 🚨 NBD, just a patch! 🚨 @aptwhatnow
There are the boys.
Two U.S. Nationals Sentenced for Facilitating Fraudulent Remote Information Technology Worker Schemes to Generate Revenue for the Democratic People’s Republic of Korea “These sentences hold accountable U.S nationals who enabled North Korea’s illicit efforts to infiltrate U.S. networks and profit on the back of U.S. companies,” said Assistant Attorney General for National Security John A. Eisenberg. “These defendants helped North Korean ‘IT workers’ masquerade as legitimate employees, compromising U.S. corporate networks and helping generate revenue for a heavily sanctioned and rogue regime. The National Security Division will continue to pursue those who, through deception and cyber-enabled fraud, threaten our national security.” 🔗: justice.gov/opa/pr/two-us-na…
👀
That's right, 🇨🇳 [ ] has/have been actively exploiting a vulnerability in SC for years which gave them full access to your systems. CW has decided to omit that from this post and the prior vuln that gave access. @aptwhatnow @silascutler @campuscodi
On-prem was / is most impacted. Cloud was impacted too, but they addressed that issue first.
Cookie Connoisseur retweeted
Contrary to the quoted tweet, @sexinfochina is in fact the admin of the Chinese darknet market FreeCity. Behind the handle is Xiao He, a Chinese national who is a prolific launderer of DPRK stolen funds, supporter of DPRK IT Worker ops, and pusher of fake viagra.
I am NOT the operator of ‘FreeCity’ or ANY darknet market. That tg account doesn't belong to me. I’m a trader whose 10 BTC is frozen by @near_intents under shady “compliance review.” You’re smearing me to deflect from THEIR theft. This is libel, not journalism. false accusations damaging reputation = criminal offense. Retract or lawyer up. Crypto community: Demand proof before believing smears. You're the real bad guy who started this whole thing. You're helping out the big shots behind the scenes, pretending to uphold blockchain justice all along. So your money also comes from the crypto community? Can you guarantee that all your upstream funds are completely legal?
Check this out 💊
Contrary to the quoted tweet, @sexinfochina is in fact the admin of the Chinese darknet market FreeCity. Behind the handle is Xiao He, a Chinese national who is a prolific launderer of DPRK stolen funds, supporter of DPRK IT Worker ops, and pusher of fake viagra.
ICYMI - DPRK's training video on making Civil Engineering profiles to perform fraudulent CIV-E work. #DRPK #kimhasabigfacemole @aptwhatnow youtu.be/m4XmJUBorKU

Blast from the past Our boy @AMangus7 - AKA "Tyler Minegar, Brock Patterson, Tretiak Sashka" LMAO Bro, where did you find this X PFP? Boy be manifesting. Surprised Daddy lets you on X I hope you find someone to help you with your english so your ITW frenz stop pickin' on you
Cookie Connoisseur retweeted
‼️🇰🇵 Another North Korean hacker using AI to alter his face caught while trying to infiltrate Bitso. Meet "Sebastian," a software engineer from Colombia who can't speak Spanish. Strange, right?
RT @MauroEldritch: 🇰🇵 Meet "Mateo" and "Alfredo", two young #Lazarus agents who thought it was a good idea to steal someone else's ID and r…
Multilateral Sanctions Monitoring Team’s DPRK IT Worker report. msmt.info/view/save/2025/10/… #DPRK
Thanks for the call out Matt Burgess! It's true, DPRK boyz are acting as architects, structural engineers, and stamping/approving designs in the United States for a quick dollar. They steal legitimate licenses and make up stamps. Time to do something. wired.com/story/north-korean…
Cookie Connoisseur retweeted
1 Oct 2025
Just added a fresh write-up on DPRK-linked GitHub orgs - examples, tactics, and indicators. From fake “startups” to fork farms: how DPRK teams spin up orgs, boost each other, and hunt for facilitators. As at the time of writing, most are still active on Twitter. Link below.
Cookie Connoisseur retweeted
After nuking all of his accounts since @browsercookies and I last looked at him, "Steven Leal" has been hard at work as "Crazy Steven". 🇰🇵 He was kind enough to keep the luckypenny1632333 while he pivoted from shitty crypto grifter to shitty AI grifter.
Using automation with AI voice agents(2): Make.com and N8N orchestrate when your voice agents contact customers. Use cases include inbound Call Handling: Log call metadata received via webhook (e.g., from Retell) into a database or CRM for analysis or follow-up.
NGL they did him a solid.
Cookie Connoisseur retweeted
26 Aug 2025
Great stuff coming out of Chollima Group. Started months ago but nice to finally see it out there. Come for the juice, stay for the creepy altered images chollima-group.io/posts/duba…
14 Aug 2025
Hello again This time we cover IT Worker who infected himself with Contagious Interview malware Meet Gerardo Salgado aka Tammy Hans (the old one). He appears to have access to a large number of compromised accounts and has run two fake companies in US.