SEAL Intel investigator Heiner (@0xfigo) delves into the ever-changing world of DPRK IT Workers. The latest report uncovers a new strategy - enhancing job fraud with a scalable model of actively recruiting outside collaborators to bypass identity checks.

DPRK actors pose as "recruiters" on platforms like Upwork & Freelancer. They convince users to hand over verified accounts, often by getting them to install remote access tools like AnyDesk, which allows North Koreans to operate under a legitimate identity.

The report covers: - Standardized recruitment scripts & PPTs (with derogatory descriptions of victims) - Mass harvesting of IDs (targeting specific regions) - Use of tools like Verif[.]tools for fake documents - Detailed chat logs instructing collaborators