""These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent applications appear legitimate," Security Alliance (SEAL) said in a series of posts on X."
""Once their salaries are paid, DPRK IT workers transfer cryptocurrency through a variety of different money laundering techniques," blockchain analysis firm Chainalysis noted in a report published in October 2025."
""One of the ways in which IT workers, as well as their money laundering counterparts, break the link between source and destination of funds on-chain, is through chain-hopping and/or token swapping. They leverage smart contracts such as decentralized exchanges and bridge protocols to complicate the tracing of funds.""
""high-volume revenue engine""
North Korean operatives are applying to remote positions using real LinkedIn accounts of individuals they impersonate. These profiles often include verified workplace emails and identity badges to increase perceived legitimacy. The operation, tracked as Jasper Sleet, PurpleDelta, and Wagemole, seeks steady revenue, intelligence collection, and opportunities to extort ransoms by stealing sensitive data. The campaign enables administrative access to codebases and persistence inside corporate infrastructure. Once salaries are paid, operatives transfer cryptocurrency and employ laundering techniques such as chain-hopping, token swapping, decentralized exchanges, and bridge protocols to obscure fund flows.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]