Threat Intelligence

Fake freelancers tied to North Korean cyber units

GBHackers News reports that a global shadow network of over 10,000 North Korean IT operatives has infiltrated technology and freelance platforms by using VPNs, virtual private servers, and "laptop farms" to disguise their true locations, according to security researchers and Microsoft's threat intelligence team.

Operating under fake identities across Asia, Russia, and beyond, these state-backed workers generate revenue for Pyongyang's weapons programs and collect sensitive corporate data. Investigations reveal that the operatives often use social engineering tactics, such as AI-generated headshots and stolen résumés, to secure legitimate employment, later exploiting insider access to steal credentials and deploy malware.

Technical forensics show the use of common developer tools mixed with infostealer scripts capable of exfiltrating GitHub tokens. Analysts have also identified DPRK-linked activity in sectors like architecture and infrastructure, where operatives submitted fraudulent engineering proposals.

Experts warn that without stronger identity verification and multifactor authentication, companies risk unknowingly hiring sanctioned actors engaged in espionage and data theft.
