DPRK Remote Workers Hiring Scheme: Lessons Learned
2024-08-20 • NISOS
Attachments
dprk-it-worker-scam.pdf (2 MB)
Nisos uses the July 2024 case of a U.S. security awareness company hiring a North Korean hacker under a stolen identity to outline DPRK remote IT worker hiring risks. The scheme relies on fake personas and stolen U.S. identities to obtain remote software roles, including positions with access to company systems and sensitive data. The guidance highlights screening signals such as camera or in-person interview avoidance, equipment shipping address changes after offer acceptance, and inconsistencies in applicant or reference details. The report is defensive rather than malware-focused, but it documents practical controls for reducing exposure to DPRK IT worker employment fraud.