Inside the DPRK: Spotting Malicious Remote IT Applicants

216.73.216.36

Inside the DPRK: Spotting Malicious Remote IT Applicants

· Published 15/05/2025 13:26 · Modified 21/05/2025 20:18

Essential information

Published: 15/05/2025 13:26
Modified: 21/05/2025 20:18
Tags: 2025-05-15 dprk it workers
Related entities: 200 observables, 1 techniques (mitre), 2 others

Description

The Democratic People’s Republic of Korea (DPRK) deploys skilled IT workers remotely to organizations globally funding its weapons of mass destruction (WMD) and missile programs, violating sanctions. In recent weeks, the techniques leveraged to evade detection have evolved, reducing reliance on traditional “laptop farms”. The threat has also expanded beyond the U.S. with active operations within Europe and other regions. Included is a list of emails that are tied and associated with DPRK Insider IT Worker infrastructure that may have been used for potential employment opportunities.

External references

https://www.dtexsystems.com/resources/i3-threat-advisory-inside-the-dprk/
https://otx.alienvault.com/pulse/6825eb759127d5e1142b86b0