North Korean IT recruiters, particularly from the Chollima group, have developed a scheme to lure engineers into renting their identities for illegal fundraising. They use stolen identities and advanced AI techniques, including deep fake videos, to secure jobs at major companies. Some recruiters even convince legitimate engineers to act as frontmen, allowing DPRK agents to pose as them during remote job interviews. These frontmen receive a cut of the salary, while the agents use their computers to hide their true locations. Mauro Eldritch, a hacker and threat intelligence specialist, documented this operation through encounters with DPRK agents seeking engineers. He found multiple GitHub accounts advertising recruitment for technical roles, promising around $3,000 per month. Eldritch and fellow researcher Heiner García created a fake identity and set up a controlled environment to interact with a North Korean recruiter. They managed to extract information about the recruitment process and the technology used by the agents, including AI tools to automate job applications and interview responses. During their interactions, the researchers observed the recruiter asking for sensitive information, such as social security numbers and job verification details. The agents utilized Astrill VPN for remote access, a tactic common among North Korean operatives. The researchers employed various strategies to stall the agent’s progress, gathering valuable intelligence on the operation, the individuals involved, and the methods being used. This data could help organizations enhance their defenses and recognize potential infiltration attempts.