The DPRK Remote Worker Threat: Unmasking North Korea's Digital Deception
2025-07-29 • Flashpoint
https://flashpoint.io/blog/dprk-remote-worker-threat-north-korea/
Flashpoint details DPRK remote IT worker operations in which North Korean operatives pose as freelance developers, IT staff, and contractors to gain trusted access inside organizations worldwide. The activity relies on long-lived fake personas, “parallel identities,” generative AI for interview and profile support, VPNs and proxies such as Astrill, DPRK-linked tools such as NetKey and oConnect, and remote-control tooling including AnyDesk, VMware Workstation, OBS, ManyCam, and PiKVM. The report describes laptop farms and U.S.-based facilitators as key infrastructure for receiving corporate devices, providing domestic network access, handling identity verification, and moving revenue through payment platforms and cryptocurrency. Flashpoint says the schemes have siphoned at least $88 million and directly support DPRK weapons programs, making hiring controls, device-location checks, software monitoring, and network anomaly detection operationally important.
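
As an added illustration of the software-monitoring control mentioned above (not code from Flashpoint's report), the sketch below groups the tools the report names into categories and flags endpoints where they co-occur, since most of them are legitimate when seen alone. The category names, the flagging rule, and the inventory rows are assumptions constructed for this example.

```python
import csv
import io
import re
from collections import defaultdict

# Product names come from the report; the category grouping and the
# flagging rule are assumptions made for this example.
WATCHLIST = {
    "astrill": "vpn_proxy",
    "netkey": "dprk_linked",
    "oconnect": "dprk_linked",
    "anydesk": "remote_control",
    "vmware workstation": "virtualization",
    "obs": "video_capture",
    "manycam": "video_capture",
}
# Word boundaries keep short names such as "obs" from matching inside "Jobs".
PATTERNS = [(re.compile(r"\b" + re.escape(n) + r"\b", re.I), c)
            for n, c in WATCHLIST.items()]

# Constructed sample inventory: hostname, installed-software display name.
SAMPLE_INVENTORY = """\
host,software
LT-0412,AnyDesk
LT-0412,Astrill VPN
LT-0412,OBS Studio
LT-0733,OBS Studio
LT-0733,Slack
LT-0921,VMware Workstation Pro
LT-0921,NetKey
LT-1105,Jobs Tracker
"""

def categorize(software):
    """Return the watchlist categories a software display name falls into."""
    return {cat for pattern, cat in PATTERNS if pattern.search(software)}

def flag_hosts(inventory_csv, min_categories=2):
    """Flag hosts with a DPRK-linked tool or tools from several categories."""
    hits = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        for cat in categorize(row["software"]):
            hits[row["host"]][cat].add(row["software"])
    return {host: {c: sorted(s) for c, s in cats.items()}
            for host, cats in hits.items()
            if "dprk_linked" in cats or len(cats) >= min_categories}

if __name__ == "__main__":
    for host, cats in sorted(flag_hosts(SAMPLE_INVENTORY).items()):
        print(host, cats)
```

A host running only OBS is left alone, while a host combining remote control, a VPN client, and video capture is surfaced for review alongside hiring and device-location records.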