North Korean IT Worker Threat
2024-09-03 • Sentinel One
https://www.sentinelone.com/blog/pinnacleone-execbrief-north-korean-it-worker-threat/
SentinelOne describes North Korean IT workers using fraudulent employment to enter U.S. companies, earn revenue for the DPRK, and create security exposure inside corporate networks. The report cites the August 2024 Justice Department case against Matthew Isaac Knoot, who allegedly hosted company laptops in Tennessee and installed remote-access software so overseas DPRK workers could operate under false identities. It also uses the KnowBe4 incident to show the post-hire risk: a North Korean worker received a Mac workstation and quickly attempted to load malware. Recommended defenses focus on stronger identity checks, reference validation, geolocation and device controls, remote-access restrictions, and insider-threat monitoring.