Been looking through the Rim Jong Hyok indictment and Maui ransomware affidavit. A couple of interesting things that I’ve found.
Rim Jong Hyok indictment: https://www.justice.gov/d9/2024-07/hyok_filed_indictment.pdf
Maui affidavit: https://s3.documentcloud.org/documents/25002601/maui-ransomware.pdf
The email whas1985@yahoo.com has apparently been in a number of database leaks over the years, including nitrocloud and 000webhost. Looks like they used the same password globalhades19930709 for everything. Interestingly, some of the leaks date back to 2017.
The only other thing that I’ve come across so far is that one of the emails listed in the Maui affidavit, reneefletcher1988@gmail.com, apparently registered the domain capitalsloan.com in 2020 and is still active today.
Can’t find much other information right now. Could be compromised accounts, could be accounts that were set up years ago by Rim Jong Hyok or someone related.
From the emails in the Maui ransomware report, the following emails have accounts on other services:
asitdolui6666@gmail.com – Firefox.com
nirmhanpandiri@gmail.com – twitter account. shows up on a few lists when searching
nicolas6999999@gmail.com – freelancer.com
whas1985@yahoo.com – zoho
reneeafletcher@mail.com – freelancer.com, twitter.com
The freelancer.com accounts probably make sense.