Unmasking DPRK IT Workers: Email Address Patterns as Hiring Red Flags
ID: 8ff37572-daf9-5ce8-b1fe-6f1724ce41a4
STIX ID: report--8ff37572-daf9-5ce8-b1fe-6f1724ce41a4
Feed Name: THE RAVEN FILE
This report analyzes two August 2025 public leaks of ~1,389 email addresses and associated artifacts attributed to North Korean remote IT workers (tracked by Microsoft as ‘Jasper Sleet’) and describes their tactic of securing remote roles in Web3/crypto firms to gain access to corporate systems. It documents domain and username patterns, overlaps with large infostealer breaches (CutOut Pro, ALIEN TXTBASE), recovered passwords, and an ETH wallet, and provides detection and mitigation recommendations for employers.
