DPRK IT WORKERS UNVEILED

ID: 8afa71eb-9db5-5254-9c77-72af5422c4a3

STIX ID: report--8afa71eb-9db5-5254-9c77-72af5422c4a3

Feed Name: THE RAVEN FILE

Threat Score: 87/100

Date Published: 2025-08-28

Date Updated: 2026-04-19

Author: RakeshKrish

This research profiles suspected DPRK IT workers who create fake identities and public developer/resume profiles (GitHub, CodeSandbox, freelancing sites) and use deepfakes, proxying, and recruitment campaigns to secure remote work and conduct malicious operations. It compiles suspected account URLs, resume links, and observed pitches/queries, and links the activity to DPRK entities (Department 53) and Lazarus-related campaigns. It cites major incidents including Operation Dream Job and the Bybit ~$1.4–1.5B crypto heist, and notes geopolitical ties to Russia and China.