Analysis of DPRK IT Worker Logs

2024-10-01 Chollima Group

https://chollima-group.io/posts/analysis-of-it-worker-logs/


While the scale of the IT Workers is in itself an issue, 2024 has shown that IT Workers are increasingly engaged in, or adjacent to, malicious activities that extend beyond illegal employment, including cryptocurrency heists, malware campaigns, and extortion. Overlaps with traditional North Korean APT activity have also been observed, such as with Park Jin Hyok, who was seen posing as a developer on freelancer platforms. IT Workers are believed to be primarily stationed outside of North Korea, and yet most of the infected hosts had external IPs not publicly associated with the DPRK. Contrary to what some online discussion implies, North Korean IT Workers are both very real and very widespread, and although the spotlight has only really been put on them this year, two things are clear: they're a major source of income for the DPRK and are not going anywhere anytime soon.

Indicators of Compromise

Type    Value                     First Seen  Last Seen
DOMAIN  ctdefense.com             2024-10-01  2024-10-01
DOMAIN  cryptosec.info            2024-10-01  2024-10-01
DOMAIN  freelancer.com.ru         2024-10-01  2024-10-01
DOMAIN  52pojie.cn                2024-10-01  2024-10-01
DOMAIN  programtheblockchain.com  2024-10-01  2024-10-01
DOMAIN  ichunqiu.com              2024-10-01  2024-10-01
DOMAIN  pediy.com                 2024-10-01  2024-10-01
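The usual way to put an indicator table like the one above to work is to parse it and sweep it across DNS or proxy logs. The script below is an added example written for this page, not code from Chollima Group: it parses the table in the whitespace-separated form published here, then checks constructed sample DNS query lines (format "<timestamp> <client> <qname>", an assumption, not a real log source) against the DOMAIN indicators. Matching is done on the registrable name boundary (exact name or a subdomain of it, after lowercasing and stripping a trailing dot), so a look-alike such as "ctdefense.com.example.net" does not fire while "www.cryptosec.info." does.

```python
from __future__ import annotations

from dataclasses import dataclass

# The IoC table from the report, reproduced verbatim (header row included).
IOC_TABLE = """\
Type    Value                     First Seen  Last Seen
DOMAIN  ctdefense.com             2024-10-01  2024-10-01
DOMAIN  cryptosec.info            2024-10-01  2024-10-01
DOMAIN  freelancer.com.ru         2024-10-01  2024-10-01
DOMAIN  52pojie.cn                2024-10-01  2024-10-01
DOMAIN  programtheblockchain.com  2024-10-01  2024-10-01
DOMAIN  ichunqiu.com              2024-10-01  2024-10-01
DOMAIN  pediy.com                 2024-10-01  2024-10-01
"""

# Constructed sample DNS query log lines (not from the report): "<ts> <client> <qname>".
SAMPLE_DNS_LOG = [
    "2024-10-01T08:12:03Z 10.0.0.21 www.cryptosec.info.",
    "2024-10-01T08:12:09Z 10.0.0.21 ctdefense.com",
    "2024-10-01T08:13:44Z 10.0.0.35 ctdefense.com.example.net",
    "2024-10-01T08:14:01Z 10.0.0.35 mail.example.net",
    "2024-10-01T08:15:27Z 10.0.0.42 PEDIY.COM",
]


@dataclass(frozen=True)
class Ioc:
    kind: str
    value: str
    first_seen: str
    last_seen: str


def normalize_qname(name: str) -> str:
    """Lowercase and drop the trailing root dot so 'Foo.COM.' and 'foo.com' compare equal."""
    return name.strip().lower().rstrip(".")


def parse_ioc_table(text: str) -> list[Ioc]:
    """Parse the whitespace-separated IoC table; the header row has six tokens and is skipped."""
    iocs: list[Ioc] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Type":
            continue
        kind, value, first_seen, last_seen = parts
        iocs.append(Ioc(kind, normalize_qname(value), first_seen, last_seen))
    return iocs


def domain_matches(qname: str, ioc_domain: str) -> bool:
    """True for the indicator itself or any subdomain of it; never for a bare substring hit."""
    q = normalize_qname(qname)
    return q == ioc_domain or q.endswith("." + ioc_domain)


def scan_dns_log(lines: list[str], iocs: list[Ioc]) -> list[tuple[str, str, str]]:
    """Return (client, qname, matched_indicator) for every log line resolving a DOMAIN IoC."""
    domains = [ioc.value for ioc in iocs if ioc.kind == "DOMAIN"]
    hits: list[tuple[str, str, str]] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; skip rather than crash the sweep
        _ts, client, qname = parts[0], parts[1], parts[2]
        for domain in domains:
            if domain_matches(qname, domain):
                hits.append((client, normalize_qname(qname), domain))
                break  # one hit per line is enough for triage
    return hits


if __name__ == "__main__":
    for client, qname, indicator in scan_dns_log(SAMPLE_DNS_LOG, parse_ioc_table(IOC_TABLE)):
        print(f"{client} resolved {qname} (indicator: {indicator})")
```

A hit from this sweep is a lead for triage, not a verdict: the table records domains seen in the workers' logs, and a resolution from an internal host tells you which machine and user to look at next, not that the host is compromised.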
