The Deepfake Threat: Chollima APT Group Uses AI Filters to Infiltrate Crypto and Web3 Companies
2025-11-17 • SOCRadar
https://socradar.io/deepfake-threat-chollima-apt-group-uses-ai-crypto/
Famous Chollima operators used stolen professional identities, fake resumes, and live AI face filters to impersonate software-engineering candidates during remote hiring. The campaign targeted crypto, Web3, finance, HR consulting, software publishers, and some civil engineering or architecture roles, aiming to win internal access for espionage and financial theft. The actors hid their location with Astrill VPN, European hops, U.S. residential IP addresses, and remote-desktop tools, then deleted LinkedIn and other profiles after interviews. The source cites warning signs such as smoothed faces, poor lip and teeth synchronization, inability to answer in the claimed native language, and hiring-pipeline anomalies that defenders can correlate with VPN, identity-provider, and remote-access logs.
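The log correlation the summary ends on, as an added example that is not from the SOCRadar article: a small Python triage routine that joins a new hire's identity-provider sign-ins and endpoint process events against the country claimed on the resume. All records, ASN names, usernames and the remote-desktop process name are constructed placeholders; only the Astrill VPN name comes from the summary.

```python
from datetime import datetime, timedelta
from collections import defaultdict
# Constructed sample telemetry (not from the article): one hire whose first days show the pattern.
NEW_HIRES = [
    {"user": "jdoe", "claimed_country": "US", "start": "2025-11-03"},
    {"user": "asmith", "claimed_country": "DE", "start": "2025-11-03"},
]
IDP_LOGINS = [  # identity-provider sign-in records (constructed)
    {"user": "jdoe", "ts": "2025-11-03T09:02:00", "country": "US", "asn": "Residential ISP A"},
    {"user": "jdoe", "ts": "2025-11-03T11:40:00", "country": "NL", "asn": "Astrill VPN"},
    {"user": "jdoe", "ts": "2025-11-04T08:15:00", "country": "US", "asn": "Residential ISP A"},
    {"user": "asmith", "ts": "2025-11-03T08:30:00", "country": "DE", "asn": "Corp ISP B"},
]
ENDPOINT_EVENTS = [  # process-start events from the issued laptop (constructed)
    {"user": "jdoe", "ts": "2025-11-03T10:05:00", "process": "rdtool-agent.exe"},
    {"user": "asmith", "ts": "2025-11-03T09:00:00", "process": "code.exe"},
]
VPN_ASN_KEYWORDS = ("astrill", "vpn", "proxy")   # anonymiser ASN substrings (constructed list)
REMOTE_DESKTOP_PROCS = {"rdtool-agent.exe"}       # placeholder name for remote-desktop tooling
ONBOARDING_DAYS = 14                              # review window after the start date
def _dt(s): return datetime.fromisoformat(s)
def review_new_hires(hires=NEW_HIRES, logins=IDP_LOGINS, events=ENDPOINT_EVENTS):
    findings = defaultdict(list)  # user -> list of independent warning signals
    for h in hires:
        user, start = h["user"], _dt(h["start"])
        window_end = start + timedelta(days=ONBOARDING_DAYS)
        in_window = lambda e: start <= _dt(e["ts"]) < window_end
        ulogins = [l for l in logins if l["user"] == user and in_window(l)]
        # 1) sign-in geography disagrees with the country on the resume
        mismatch = {l["country"] for l in ulogins} - {h["claimed_country"]}
        if mismatch:
            findings[user].append(f"login from {sorted(mismatch)} but claimed {h['claimed_country']}")
        # 2) sign-in egress through a commercial VPN / anonymiser network
        vpn = [l["asn"] for l in ulogins if any(k in l["asn"].lower() for k in VPN_ASN_KEYWORDS)]
        if vpn:
            findings[user].append(f"VPN egress: {sorted(set(vpn))}")
        # 3) two countries inside 24h: residential IP one moment, foreign VPN exit the next
        ulogins.sort(key=lambda l: l["ts"])
        for a, b in zip(ulogins, ulogins[1:]):
            if a["country"] != b["country"] and _dt(b["ts"]) - _dt(a["ts"]) < timedelta(hours=24):
                findings[user].append(f"country hop {a['country']}->{b['country']} within 24h")
                break
        # 4) remote-desktop tooling started on the laptop during onboarding
        rd = [e["process"] for e in events if e["user"] == user and in_window(e) and e["process"] in REMOTE_DESKTOP_PROCS]
        if rd:
            findings[user].append(f"remote-desktop tool: {sorted(set(rd))}")
    return dict(findings)
def escalate(findings, min_signals=2):  # users with several independent signals go to HR + security review
    return sorted(u for u, f in findings.items() if len(f) >= min_signals)
```

Any single signal has benign explanations (travel, a personal VPN); requiring two or more independent ones keeps the review queue short.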