
Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack

· Published 15/11/2024 02:51 · Modified 15/11/2024 09:01


Essential information

Tags
2024-11-15, beavertail, contagious interview, fake it workers, insider threat, invisibleferret, north korea, phishing, supply-chain, wagemole
Related entities
6 observables, 1 intrusion sets (apt), 9 techniques (mitre), 2 malware, 2 others

Description

Unit 42 researchers identified a North Korean IT worker activity cluster, CL-STA-0237, involved in attacks using malware-infected video conference apps. The cluster likely operates from Laos and exploited a U.S.-based SMB IT services company to apply for other jobs, securing a position at a major tech company in 2022. This cluster is part of a broader network of North Korean IT workers supporting illicit activities. The article highlights the shift from stable income-seeking to aggressive malware campaigns and illustrates the global reach of these workers. Organizations are advised to strengthen hiring processes, implement robust monitoring, evaluate outsourced services, and ensure employees don't use corporate machines for personal activities.

External references