From North Korean IT Workers to IT recruiters

2025-11-07 Security Alliance

https://radar.securityalliance.org/from-north-korean-it-workers-to-it-recruiters/

Thumbnail for From North Korean IT Workers to IT recruiters

Security Alliance reports that DPRK-linked IT workers have expanded from seeking fraudulent employment into recruiter-style operations that enlist collaborators on platforms such as Upwork, Freelancer, Fiverr, and RandstadUSA. The observed workflow uses scripted outreach, verified or proxy identities, account-registration guidance, identity-verification steps, credential sharing, and movement to Telegram, Discord, or email. In multiple cases, targets surrendered full access to freelance accounts or installed remote-access tools such as AnyDesk or Chrome Remote Desktop, letting operators work under the victim’s verified identity and IP address. Documents, presentations, Korean-language materials, and monitored profiles suggest a repeatable shared methodology, though the excerpt does not determine whether recruiters are a distinct role or IT workers adapting their tactics. This evolution matters because it scales DPRK revenue-generation activity while helping actors bypass platform verification and reduce direct exposure.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN us.bold.pro 2025-11-07 2025-12-04
URL https://mobirise.com 2025-11-07 2025-11-07
URL https://latium.org/groups 2025-11-07 2025-11-07
URL https://go.screenpal.com/watch/… 2025-11-07 2025-11-07
URL https://hiringneartalent.com 2025-11-07 2025-11-07
URL https://www.postman.com 2025-11-07 2025-11-07
URL https://www.freelancer.com 2025-11-07 2025-11-07
URL https://www.dreamstime.com 2025-11-07 2025-11-07
URL https://www.randstadusa.com 2025-11-07 2025-11-07
URL https://www.codingame.com 2025-11-07 2025-11-07
URL https://nanogames.io 2025-11-07 2025-11-07
URL https://www.freelancermap.com 2025-11-07 2025-11-07
URL https://codedthemes.com 2025-11-07 2025-11-07
URL https://interpals.net 2025-11-07 2025-11-07
URL https://smsbower.com 2025-11-07 2025-11-07
URL https://cloudzy.com 2025-11-07 2025-11-07
URL https://proxy6.net 2025-11-07 2025-11-07
URL https://cwallet.com 2025-11-07 2025-11-07
URL https://www.informer.com 2025-11-07 2025-11-07
URL https://www.wappalyzer.com 2025-11-07 2025-11-07
URL https://poe.com 2025-11-07 2025-11-07
URL https://vuemastery.com 2025-11-07 2025-11-07
URL https://dashboardpack.com 2025-11-07 2025-11-07
URL https://polyglotclub.fr 2025-11-07 2025-11-07
URL https://rizzlysms.com 2025-11-07 2025-11-07
URL https://usavps.com 2025-11-07 2025-11-07
URL https://ablehere.com 2025-11-07 2025-11-07
URL https://www.sendgb.com 2025-11-07 2025-11-07
URL https://spaceproxy.net 2025-11-07 2025-11-07
URL https://kadrof.ru 2025-11-07 2025-11-07
URL https://follow.it 2025-11-07 2025-11-07
URL https://mailtrack.io 2025-11-07 2025-11-07
URL https://vps2day.com 2025-11-07 2025-11-07
URL https://www.kaggle.com 2025-11-07 2025-11-07
URL http://monster.com 2025-11-07 2025-11-07
URL https://iproyal.com 2025-11-07 2025-11-07
URL https://designrevision.com 2025-11-07 2025-11-07
URL https://themewagon.com 2025-11-07 2025-11-07
URL https://smspva.com 2025-11-07 2025-11-07
URL https://www.golance.com 2025-11-07 2025-11-07
URL https://www.skymavis.com 2025-11-07 2025-11-07
URL https://www.hellotalk.com 2025-11-07 2025-11-07
URL https://www.hinative.com 2025-11-07 2025-11-07
URL https://www.bestbuddies.org 2025-11-07 2025-11-07
URL https://us.bold.pro 2025-11-07 2025-11-07
URL https://xdevs.ltd 2025-11-07 2025-11-07
URL https://www.myprepaidcenter.com 2025-11-07 2025-11-07
URL https://sms.usmobilenumbers.com 2025-11-07 2025-11-07
URL https://www.creative-tim.com 2025-11-07 2025-11-07
URL https://envato.com 2025-11-07 2025-11-07
URL https://www.pixtastock.com 2025-11-07 2025-11-07
URL https://temp-number.org 2025-11-07 2025-11-07
URL https://www.axcrypt.net 2025-11-07 2025-11-07
URL https://coinsbee.com 2025-11-07 2025-11-07
URL https://www.openstreetmap.org 2025-11-07 2025-11-07
URL https://jasonsavard.com 2025-11-07 2025-11-07
URL https://www.devwares.com 2025-11-07 2025-11-07
URL https://pdfguru.com 2025-11-07 2025-11-07
DOMAIN temp-number.org 2025-11-07 2025-11-07
DOMAIN proxy6.net 2025-11-07 2025-11-07
DOMAIN themewagon.com 2025-11-07 2025-11-07
DOMAIN poe.com 2025-11-07 2025-11-07
DOMAIN follow.it 2025-11-07 2025-11-07
DOMAIN dashboardpack.com 2025-11-07 2025-11-07
DOMAIN mobirise.com 2025-11-07 2025-11-07
DOMAIN ablehere.com 2025-11-07 2025-11-07
DOMAIN coinsbee.com 2025-11-07 2025-11-07
DOMAIN rizzlysms.com 2025-11-07 2025-11-07
DOMAIN latium.org 2025-11-07 2025-11-07
DOMAIN vps2day.com 2025-11-07 2025-11-07
DOMAIN designrevision.com 2025-11-07 2025-11-07
DOMAIN nanogames.io 2025-11-07 2025-11-07
DOMAIN interpals.net 2025-11-07 2025-11-07
DOMAIN hiringneartalent.com 2025-11-07 2025-11-07
DOMAIN cwallet.com 2025-11-07 2025-11-07
DOMAIN go.screenpal.com 2025-11-07 2025-11-07
DOMAIN sms.usmobilenumbers.com 2025-11-07 2025-11-07
DOMAIN codedthemes.com 2025-11-07 2025-11-07
DOMAIN usavps.com 2025-11-07 2025-11-07
DOMAIN cloudzy.com 2025-11-07 2025-11-07
DOMAIN spaceproxy.net 2025-11-07 2025-11-07
DOMAIN jasonsavard.com 2025-11-07 2025-11-07
DOMAIN smsbower.com 2025-11-07 2025-11-07
DOMAIN pdfguru.com 2025-11-07 2025-11-07
DOMAIN polyglotclub.fr 2025-11-07 2025-11-07
DOMAIN mailtrack.io 2025-11-07 2025-11-07
DOMAIN xdevs.ltd 2025-11-07 2025-11-07
DOMAIN kadrof.ru 2025-11-07 2025-11-07
DOMAIN iproyal.com 2025-11-07 2025-11-07
DOMAIN smspva.com 2025-02-18 2025-11-07

Related Reports

« Back