Microsoft tracks North Korean remote IT worker activity as Jasper Sleet and says the operation has evolved since 2024 through wider use of AI, fraudulent identities, and remote-access tooling. The workers seek software, web development, and administrator roles across global industries, using stolen or rented identities, fake resumes, LinkedIn and GitHub profiles, VPNs, VPSs, proxy services, RMM tools, and facilitators with laptop farms to conceal their true location. Microsoft observed AI-enhanced headshots, improved employment documents, voice-changing software, playbooks, VPS/VPN accounts, job-site accounts, wallets, and payment records in material tied to suspected workers. The activity matters because it generates DPRK revenue while also giving insiders access that can enable theft of source code, intellectual property, trade secrets, and extortion.