Shares tag: ITWorker • Same author: NISOS • Published within a month
DPRK IT Worker Scam: Mitigation Steps for Hiring Teams
2025-03-27 • NISOS •
Attachments
Nisos tracks likely DPRK-affiliated IT workers posing as Singaporean, Turkish, Finnish, and US nationals to obtain remote engineering and blockchain jobs. The report identifies reusable persona infrastructure, including GitHub portfolios, resumes, contact details, and stock or manipulated profile photos, with examples such as Karl Chong, Roman Kryveha, Ram Maharjan, and John Alexander Bird. Nisos recommends OSINT-heavy hiring checks: reverse image searches, shared phone and email correlation, GitHub and portfolio review, location consistency checks, prior employment and education verification, reference retention, and on-camera or in-person interviews.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | remoteok.com | 2025-03-27 | 2025-08-28 |
| DOMAIN | laborx.com | 2025-02-18 | 2025-08-28 |
| [email protected] | 2025-03-27 | 2025-03-27 | |
| URL | https://laborx.com/freelancers/… | 2025-03-27 | 2025-03-27 |
| URL | https://remoteok.com/@karlchong | 2025-03-27 | 2025-03-27 |
| URL | https://www.xing.com/profile/Ka… | 2025-03-27 | 2025-03-27 |
| URL | https://www.remotehub.com/karl.… | 2025-03-27 | 2025-03-27 |
Related Reports
Shares tag: ITWorker • Same author: NISOS
Shares tag: ITWorker • Same author: NISOS
Shares tag: ITWorker • Published within a month
Shares tag: ITWorker • Published within a month
Shares tag: ITWorker • Published within a month