From Pyongyang to Your SaaS: Spotting DPRK Tactics in Zoom and Slack

10.24.2025

Learn How to Unmask DPRK-Style Tactics Hiding in Collaboration Logs

Adversaries mask access with tools like Astrill VPN and residential proxies so hostile logins look normal in SaaS logs. Because these services are rarely used by corporate IT teams, their appearance is a major red flag you can act on quickly.

  • Demonstrate how to pull usage data from Zoom and Slack.
  • Map IPs using Spur data for additional context.
  • Identify anonymous access that should raise alarms.

Leave with a repeatable workflow to enrich Zoom and Slack activity with IP intel and flag suspicious access fast.
