dprk-github-employment-fraud.pdf (4 MB)

Nisos tracks a likely DPRK-affiliated IT worker network using GitHub to support fake personas seeking remote engineering and full-stack blockchain roles in Japan and the United States. The personas pose as Vietnamese, Japanese, and Singaporean nationals, reuse older GitHub accounts and portfolio material, and show indicators associated with DPRK employment fraud, including manipulated profile photos, similar email patterns, limited social media presence, and claims of broad web, mobile, and blockchain development experience. Nisos found two personas that appear to have obtained jobs at small companies, assessing that the network's goal is to earn revenue for Pyongyang's weapons programs.