ZachXBT revealed that North Korean IT personnel manipulated over 30 fake identities to carry out cyber attacks

According to news from Hashchain, ZachXBT revealed that an informant successfully hacked into the devices of North Korean IT personnel and discovered that the team used over 30 fake identities to obtain developer positions. These identities purchased Upwork and LinkedIn accounts using government IDs and operated via AnyDesk. Related information also includes data exported from Google Drive, Chrome profiles, and screenshots. Wallet address 0x78e1 is closely linked to a planned $680,000 attack on the Favrr platform in June 2025, and more identities of North Korean IT personnel have been confirmed. The team used Google products to schedule tasks and purchased tools such as SSNs, AI subscriptions, and VPNs. Some browsing history shows frequent use of Google Translate to translate Korean, with IP addresses located in Russia. The negligence of recruiters and the lack of cooperation between services are the main challenges in combating such behavior.