Insights from Internal DPRK Chat Logs

2025-03-22 Chollima Group

https://chollima-group.io/posts/insights-from-internal-dprk-chat-logs/

Chollima Group found an exposed Google Drive folder tied to a North Korean IT worker that contained identity documents, resumes, payment records, notes and IP Messenger chat logs from late 2022 to early 2023. The logs show roughly 500 direct messages across about 100 hosts on a local network where workers discussed software development, freelancing, shared files linked to NetKey and OConnect, and references to Kim Chaek University and Chongjin. The source assesses the logs as likely originating from a network used by DPRK IT workers, with evidence of shared facilities, job and persona trading, account rentals, and facilitator relationships. The reporting is useful because it exposes the internal coordination and business mechanics behind DPRK remote worker revenue operations rather than a malware delivery chain.