DPRK Employment Scam Network Targets Remote Tech Jobs
Contents
Threat Analysis
Saja DPRK Employment Scam Network
Executive Summary
Nisos is tracking an IT worker employment scam network posing as Polish and US nationals with the goal of obtaining employment in remote engineering and full-stack blockchain developer roles. Threat actors in this network are using GitHub accounts, portfolio websites, freelancer accounts, and a global freelance software development company, Inspiration With Digital Living (IWDL), to trick companies into hiring them for full-time remote positions and project-based freelance jobs. This network is the first indication that possibly DPRK-affiliated IT workers are setting up fake freelance software development companies with legitimate looking websites to gain freelancer work.
Several indicators suggest that the network is likely affiliated with the Democratic People’s Republic of Korea (DPRK). Nisos identified the following tactics, techniques, and procedures (TTPs) commonly attributed to DPRK employment fraud actors on the network’s GitHub accounts, portfolio websites, and IWDL’s website:
- GitHub accounts exhibited an unusual consistency in …
Saja DPRK Employment Scam Network
Executive Summary
Nisos is tracking an IT worker employment scam network posing as Polish and US nationals with the goal of obtaining employment in remote engineering and full-stack blockchain developer roles. Threat actors in this network are using GitHub accounts, portfolio websites, freelancer accounts, and a global freelance software development company, Inspiration With Digital Living (IWDL), to trick companies into hiring them for full-time remote positions and project-based freelance jobs. This network is the first indication that possibly DPRK-affiliated IT workers are setting up fake freelance software development companies with legitimate looking websites to gain freelancer work.
Several indicators suggest that the network is likely affiliated with the Democratic People’s Republic of Korea (DPRK). Nisos identified the following tactics, techniques, and procedures (TTPs) commonly attributed to DPRK employment fraud actors on the network’s GitHub accounts, portfolio websites, and IWDL’s website:
- GitHub accounts exhibited an unusual consistency in …
IoC
http://GitHub.io
https://veteransoftdev.github.io
https://dedicatedsoftwaredev.github.io
https://cleversofter.github.io
https://seasonedsoftdev.github.io
https://goodwork0903.github.io
https://softwarepassioner.github.io
https://portfolio-ideal-softer.vercel.app
http://vercel.app
https://www.nisos.com
https://veteransoftdev.github.io
https://dedicatedsoftwaredev.github.io
https://cleversofter.github.io
https://seasonedsoftdev.github.io
https://goodwork0903.github.io
https://softwarepassioner.github.io
https://portfolio-ideal-softer.vercel.app
http://vercel.app
https://www.nisos.com