According to researchers, DPRK-affiliated IT workers are impersonating Polish and U.S. nationals to obtain roles as software engineers and full-stack blockchain developers. These positions provide access to corporate systems and sensitive financial information.
The individuals behind the scheme have built elaborate online personas. They use doctored profile photos, polished portfolio websites, and active accounts on various platforms to appear credible.
Fake Company Fronts the Operation
One front for the scam is a company called “Inspiration With Digital Living” (IWDL). It presents itself as a global freelance development firm but is part of the broader DPRK employment fraud network.
This approach marks a new stage in DPRK tactics. It is the first known case where such workers have created a fake development firm with a professional website to gain contract work from foreign companies.
Digital Identities and Online Patterns
Cybersecurity firm NISOS uncovered the network by analyzing activity on GitHub and portfolio sites. Researchers found consistent patterns in user profiles and technical claims, which helped expose the operation.
The fake developers often reused the same names and images across multiple accounts. Some profile photos were stock photos with a different face pasted onto them. Others included unusual details, such as lion-themed avatars or the repeated use of the word “century” in email addresses.
Targeting Remote Work
These fake IT professionals focus on remote jobs, where a worker's identity is harder to verify in person. This strategy allows them to remain undetected for long periods.
The roles they secure often come with high pay. The money earned may help support DPRK’s state-run programs, including efforts to bypass international sanctions.
Beyond financial gains, the access granted by these jobs could pose serious security risks to company networks and data systems.
Clues in Portfolios and Language Use
Many of the fake developers have nearly identical portfolio sites hosted on platforms like GitHub.io and Vercel.app. These sites claim over 10 years of experience and reference fake projects such as an “Anti-Game-Cheat engine” with AI features.
The sites also include fictional client testimonials and vague projects. Language used in these testimonials often reflects non-native English, offering another clue to their fraudulent nature.
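The reuse patterns described above (the same image on several accounts, “century” in email addresses, nearly identical portfolio text) can be checked mechanically when screening a pool of applicants. The following is an added example, not code from NISOS or from the original article; the record fields, the sample applicants and the 0.6 similarity threshold are constructed assumptions, and `avatar` stands for a precomputed image hash. A hit is a reason for manual identity verification, not proof of fraud.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample records; field names are assumptions for this example.
APPLICANTS = [
    {"id": "a1", "email": "dev.century01@example.com", "avatar": "hash-01",
     "portfolio": "Senior full-stack blockchain developer with over 10 years of "
                  "experience. Built an Anti-Game-Cheat engine with AI features."},
    {"id": "a2", "email": "j.kowalski@example.org", "avatar": "hash-01",
     "portfolio": "Senior full-stack blockchain developer with over 10 years of "
                  "experience. Built an Anti-Game-Cheat engine with AI tools."},
    {"id": "a3", "email": "maria@example.net", "avatar": "hash-02",
     "portfolio": "Backend engineer focused on payment APIs, PostgreSQL tuning "
                  "and on-call reliability work for a logistics company."},
]

def shingles(text, k=3):
    """Set of k-word shingles from lower-cased text."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    return {tuple(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def screen(applicants, threshold=0.6):
    """Map applicant id -> sorted indicator names; only flagged ids are returned."""
    flags = defaultdict(set)
    by_avatar = defaultdict(list)
    for app in applicants:
        local = app["email"].split("@", 1)[0].lower()
        if "century" in local:
            flags[app["id"]].add("century_in_email")
        by_avatar[app["avatar"]].append(app["id"])
    for ids in by_avatar.values():
        if len(ids) > 1:  # same image hash on more than one account
            for i in ids:
                flags[i].add("shared_avatar")
    sets = {a["id"]: shingles(a["portfolio"]) for a in applicants}
    for x, y in combinations(sets, 2):
        if jaccard(sets[x], sets[y]) >= threshold:
            flags[x].add("near_duplicate_portfolio")
            flags[y].add("near_duplicate_portfolio")
    return {i: sorted(f) for i, f in flags.items()}

if __name__ == "__main__":
    for applicant_id, reasons in screen(APPLICANTS).items():
        print(applicant_id, reasons)
```

Hosting on GitHub.io or Vercel.app is deliberately not treated as a signal, since many legitimate developers use both; the comparison is on the portfolio text itself.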