Cyber: Dprk Operatives Impersonate Professionals On Linkedin To Infiltrate...
The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme.
"These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent applications appear legitimate," Security Alliance (SEAL) said in a series of posts on X.
The IT worker threat is a long-running operation mounted by North Korea in which operatives from the country pose as remote workers to secure jobs in Western companies and elsewhere under stolen or fabricated identities. The threat is also tracked by the broader cybersecurity community as Jasper Sleet, PurpleDelta, and Wagemole.
The end goal of these efforts is two-pronged: to generate a steady revenue stream to fund the nation's weapons programs, conduct espionage by stealing sensitive data, and, in some cases, take it further by demanding ransoms to avoid leaking the information.
Last month, cybersecurity company Silent Push described the DPRK remote worker program as a "high-volume revenue engine" for the regime, enabling the threat actors to also gain administrative access to sensitive codebases and establish living-off-the-land persistence within corporate infrastructure.
"Once their salaries are paid, DPRK IT workers transfer cryptocurrency through a variety of different money laundering techniques," blockchain analysis firm Chainalysis noted in a report published in October 2025.
"One of the ways in which IT workers, as well as their money laundering counterparts, break the link between source and destination of funds on-chain, is through chain-hopping and/or token swapping. They leverage smart contracts such as decentralized exchanges and bridge protocols to complicate the tracing of funds."
To counter the threat, individuals who suspect their identities are being misappropriated in fraudulent job applications are advised to consider posting a warning on their social media accounts, along with listing their official communication channels and the verification method to contact them (e.g., company email).
"Always validate that accounts listed by candidates are controlled by the email they provide," Security Alliance said. "Simple checks like asking them to connect with you on LinkedIn will verify their ownership and control of the account."
The disclosure comes as the Nor
Source: The Hacker News
