Cyber Saga: In the Footsteps of the DPRK IT Workers

ID: ffb8a294-9765-590d-842e-86b51120ea49

STIX ID: report--ffb8a294-9765-590d-842e-86b51120ea49

Feed Name: Group-IB Blog

Threat Score: 78/100

Date Published: 2026-04-08

Date Updated: 2026-06-04

This Group-IB analysis details a persistent DPRK-linked operation that builds and deploys synthetic developer identities across GitHub, freelancing platforms, and payment services to secure remote jobs, evade sanctions, and potentially obtain insider access. The report includes persona archives (e.g., Dominic Williams, Dejan Teofilovic), AI-assisted application workflows, operational support infrastructure, IOCs (emails, GitHub accounts, portfolio domains), and practical mitigation guidance for HR, finance, and security teams.