An unnamed source recently compromised a DPRK IT worker device
Contents
1/ An unnamed source recently compromised a DPRK IT worker device which provided insights into how a small team of five ITWs operated 30+ fake identities with government IDs and purchased Upwork/LinkedIn accounts to obtain developer jobs at projects.
2/ An export of their Google Drive, Chrome profiles, and screenshots from their devices was obtained.
Google products were extensively used by them to organize their team’s schedules, tasks, and budgets with communications primarily in English.
3/ Another spreadsheet shows weekly reports for team members from 2025 which provides insight into how they operate and what they think about.
“I can't understand job requirement, and don't know what I need to do”
“Solution / fix: Put enough efforts in heart”
4/ A spreadsheet for expenses shows them purchasing SSNs, Upwork/LinkedIn accounts, phone numbers, AI subscriptions, computer rentals and VPNs/proxies.
5/ Here is a spreadsheet that shows the meeting schedules for jobs and …
2/ An export of their Google Drive, Chrome profiles, and screenshots from their devices was obtained.
Google products were extensively used by them to organize their team’s schedules, tasks, and budgets with communications primarily in English.
3/ Another spreadsheet shows weekly reports for team members from 2025 which provides insight into how they operate and what they think about.
“I can't understand job requirement, and don't know what I need to do”
“Solution / fix: Put enough efforts in heart”
4/ A spreadsheet for expenses shows them purchasing SSNs, Upwork/LinkedIn accounts, phone numbers, AI subscriptions, computer rentals and VPNs/proxies.
5/ Here is a spreadsheet that shows the meeting schedules for jobs and …