Nisos identified a DPRK state-sponsored employment fraud cell that submitted more than 170,000 job applications to US companies between December 2024 and September 2025, producing 76 employment offers across 22 operatives. The operation used appropriated identities, forged or fraudulently obtained documentation, AI-assisted interviews, US-based facilitators managing laptop farms, and mutual persona-based reference checks to infiltrate technology-sector employers. Nisos attributed the activity to DPRK with high confidence based on operational patterns and technical indicators including Astrill VPN use, PiKVM remote access devices, Tailscale mesh VPN, cryptocurrency payments, and messages suggesting some operatives were in or near Taraksan, North Korea. The activity was primarily financially motivated employment fraud intended to generate revenue for the regime rather than conventional intrusion or theft operations.