DPRK IT Workers | A Network of Active Front Companies and Their Links to China

2024-11-20 SentinelOne

https://www.sentinelone.com/labs/dprk-it-workers-a-network-of-active-front-companies-and-their-links-to-china/

SentinelLabs linked several active software-consulting front companies to the DPRK IT worker scheme and to a wider set of organizations being created in China. The report describes websites for Independent Lab LLC, Shenyang Tonywang Technology, Tony WKJ LLC, and HopanaTech that presented themselves as legitimate outsourcing or software-development firms while copying content and branding from real companies such as Kitrum, Urolime, ArohaTech, and ITechArt. Several domains used NameCheap registration and overlapping hosting, including InterServer infrastructure at 174.138.181[.]198, while HopanaTech used Asia Web Services hosting. The activity supports North Korean revenue generation by helping IT workers appear to be non-DPRK professionals and front companies when seeking remote work or client engagement.

Indicators of Compromise

Type    Value              First Seen  Last Seen
DOMAIN  inditechlab.com    2024-11-20  2025-07-31
DOMAIN  wkjllc.com         2024-11-20  2025-07-31
DOMAIN  tonywangtech.com   2024-11-20  2025-07-31
DOMAIN  hopanatech.com     2024-11-20  2025-07-31
EMAIL   [email protected]  2024-11-20  2024-11-20
DOMAIN  huguotechltd.com   2024-11-20  2024-11-20
DOMAIN  jswc.com.cn        2024-11-20  2024-11-20
IPv4    174.138.181.198    2024-11-20  2024-11-20
IPv4    103.15.29.44       2024-11-20  2024-11-20
IPv4    180.235.135.177    2024-11-20  2024-11-20
