North Korea’s Cyber Espionage Tactics: Fake Identities & Job Scams

An exposé by PANews reveals a North Korean IT team using more than 30 fake identities to gain entry into tech roles. These individuals allegedly purchased Upwork and LinkedIn accounts using government-issued IDs, then used AnyDesk for their remote work arrangements. The team’s data collection includes Google Drive exports, Chrome profiles, and screenshots, according to ZachXBT, a source connected to the investigation. A notable connection is a $680,000 attack on the Favrr platform in June 2025, which is linked to the same wallet address (0x78e1) and further highlights a clear pattern of cybercriminal activity. Their modus operandi involves Google products for task organization and purchases of SSNs, AI subscriptions, and VPNs. Their browsing history shows frequent use of Google Translate for Korean translations, and IP addresses traced to Russia. Combating these activities remains a significant challenge: a lack of vigilance from recruiters and inadequate collaboration between various services present substantial hurdles.