DPRK Employment Scam Network Targets Remote Tech Jobs

2025-05-19 • NISOS •

https://nisos.com/research/saja-dprk-employment-scam/

#ITWorker

Attachments

saja-dprk-employment-scam-network.pdf (8 MB)

Thumbnail for DPRK Employment Scam Network Targets Remote Tech Jobs

Nisos tracks the Saja DPRK Employment Scam Network as a likely DPRK-affiliated IT worker operation seeking remote engineering and full-stack blockchain roles. The actors posed as Polish and U.S. nationals through GitHub accounts, portfolio sites, freelancer profiles, and a freelance software development company called Inspiration With Digital Living. Nisos tied the cluster together through repeated lion-themed GitHub avatars, similar "century" email addresses, cloned portfolio templates, reused personas, and manipulated profile photos. The activity shows DPRK IT worker tradecraft extending beyond individual fake resumes into legitimate-looking developer companies built to win freelance and full-time remote work.

Indicators of Compromise

Type	Value	First Seen	Last Seen
URL	https://softwarepassioner.githu…	2025-05-19	2025-05-19
URL	https://portfolio-ideal-softer.…	2025-05-19	2025-05-19
URL	https://veteransoftdev.github.io	2025-05-19	2025-05-19
URL	https://goodwork0903.github.io	2025-05-19	2025-05-19
URL	https://dedicatedsoftwaredev.gi…	2025-05-19	2025-05-19
URL	https://seasonedsoftdev.github.…	2025-05-19	2025-05-19
URL	https://cleversofter.github.io	2025-05-19	2025-05-19
DOMAIN	dedicatedsoftwaredev.github.io	2025-05-19	2025-05-19
DOMAIN	softwarepassioner.github.io	2025-05-19	2025-05-19
DOMAIN	seasonedsoftdev.github.io	2025-05-19	2025-05-19
DOMAIN	veteransoftdev.github.io	2025-05-19	2025-05-19
DOMAIN	cleversofter.github.io	2025-05-19	2025-05-19
DOMAIN	goodwork0903.github.io	2025-05-19	2025-05-19