The DPRK Developer on Your Payroll Runs Over a KVM Dongle and an RMM Tool. The Interview Never Caught It; Your Endpoint and Connection Logs Can
Eight US-based ‘laptop farmers’ sentenced in five months, across cases spanning more than 100 US companies in one prosecution and nearly 70 in others: the North Korean IT worker is already on payroll, and what resolves it is correlating unauthorized remote-access tooling with the connection and endpoint telemetry it throws off — not the hiring interview, and not sign-in geography alone.