North Korean remote IT workers are posing as freelance and remote employees to gain trusted access to companies, with Microsoft linking a major activity cluster to Jasper Sleet. The scheme targets U.S. and allied organizations, including technology, critical infrastructure, defense, and cryptocurrency-related firms, using stolen or fake identities, AI-enhanced resumes and photos, voice-changing tools, proxy infrastructure, and U.S.-hosted laptop farms to pass hiring and location checks. Once hired, the workers can access source code, internal systems, customer and financial data, cryptocurrency wallets, and restricted technical information, including one cited case involving export-controlled defense data. Law enforcement actions against laptop farms, financial accounts, fraudulent websites, and Microsoft’s suspension of thousands of linked Outlook and Hotmail accounts show the operation’s scale and why remote hiring controls now matter for DPRK cyber and sanctions-risk monitoring.