Interview with the Chollima II
2025-06-26 • Bitso
Bitso’s Quetzal Team describes an attempted DPRK IT worker infiltration in which a suspicious applicant using a Mexican identity moved through engineering interviews before being rejected. The team links the activity to “Famous Chollima” style wage-mole operations, where North Korean operatives seek legitimate remote jobs while creating opportunities for corporate espionage or fund theft. The observed tradecraft included cloned identities, mismatched language and cultural claims, suspicious interview behavior, possible use of multiple operators for screening and technical tasks, and rapid deletion of LinkedIn, WhatsApp, and Telegram accounts after rejection. The post provides partial IOCs including an email address and phone number, and warns that these actors may quickly clone LinkedIn profiles, requiring hiring teams to focus on controlled artifacts such as emails, phone numbers, IPs, and identity verification rather than surface profile details.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| Email | [email protected] | 2025-06-26 | 2025-06-26 |