ZachXBT Exposes North Korean IT Fraud Scheme Linked to Favrr Hack

PANews reported that North Korean IT personnel used fake identities and compromised accounts to secure developer roles, with activities tied to a $680,000 cyber attack on the Favrr platform.

Summary

On August 13th, PANews reported that ZachXBT revealed that a source had hacked devices belonging to North Korean IT personnel and discovered a scheme in which a small team used over 30 fake identities to obtain developer positions, purchased Upwork and LinkedIn accounts with government IDs, and operated through AnyDesk. The data from the breach included Google Drive exports, Chrome profiles, and screenshots, and linked wallet address 0x78e1 to a $680,000 attack on the Favrr platform in June 2025. The report also noted that the team used Google products to schedule tasks and purchase SSNs, AI subscriptions, and VPNs, and that it found Russian IP traces and frequent use of Google Translate for Korean translations. The findings highlight challenges in recruitment oversight and service coordination.

Terms & Concepts
  • AnyDesk: Remote desktop software that allows remote access to and control of devices, often exploited for unauthorized access in cyber intrusions.
  • Fake Identities: Artificial digital personas created with fabricated details to obscure true identities in cyber activities.
  • Wallet Address: A unique alphanumeric identifier used to send or receive digital currencies, here linked to cyberattack funds.