Threat Spotlight: Red Flags for Red Star Hackers: Hunting for North Korean Insiders
ID: b9bc97fc-8e47-5cd3-b1d4-406f2059bc13
STIX ID: report--b9bc97fc-8e47-5cd3-b1d4-406f2059bc13
Feed Name: ReliaQuest Blog
ReliaQuest investigated over 25 cases of North Korean insider operatives posing as freelance or contract IT workers to infiltrate Western firms. The operatives used AI-generated profiles, Astrill VPN, VPS infrastructure, IP-KVM devices and shared fixed-line IPs (laptop farms). The report details IP and device indicators and TTPs, and recommends mitigations such as COBO policies, USB allowlisting, blocking unauthorized RMM tools, and strengthened hiring and threat-hunting practices.
