DomainTools details a DPRK remote IT worker ecosystem coordinated around Reconnaissance General Bureau activity, including Andariel-linked Song Kum Hyok and facilitators who helped North Korean workers pose as legitimate remote hires. The scheme uses stolen or forged identities, AI-enhanced profiles, freelancing platforms, GitHub aliases, laptop farms, KVM switches, remote desktop access, shell companies, and payment processors to obtain jobs at U.S. and international technology firms. Once embedded, the workers can access source repositories, Slack, CI/CD systems, financial dashboards, cloud environments, intellectual property, and production code while routing wages through crypto wallets, front companies, OTC brokers, and other laundering channels. The report matters because it frames DPRK IT labor as both sanctions-evasion infrastructure and an insider-access risk to companies that rely on weak remote hiring and identity verification controls.