Specialized capability
DPRK IT Worker Intelligence
North Korean IT workers generate revenue for the regime by posing as remote developers and contractors. Organizations hire them unknowingly — or face impersonation and infrastructure overlap with sanctioned activity. Cipher Cortex maintains a structured intelligence database and offers diligence reviews on suspicious applicants and vendors.
What the database tracks
- Individuals and group affiliations across known DPRK IT revenue cells
- Fake personas, resumes, and social profiles
- Selectors: emails, GitHub handles, domains, wallets, infrastructure
- Activity logs and timeline events with confidence context
- Cross-links between front companies, shared infrastructure, and known campaigns
Who it helps
Security teams, HR and talent, legal, fraud units, staffing platforms, crypto and tech firms hiring remote engineers, and government-adjacent research programs.
Methodology
Open-source collection, DOJ and public reporting correlation, live infrastructure enrichment, and analyst review. Access to the full application is granted to vetted users.
Database login is for approved Cipher Cortex personnel and partners only — not a public signup.
Need us to review a contractor, applicant, vendor, or suspicious persona? Submit an investigation request — we scope remote worker and DPRK IT worker diligence as a fixed engagement.