OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

Zerowl

March 18, 2026

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

The Office of Foreign Assets Control (OFAC) at the U.S This article explores jasper sleet tradecraft. . Department of the Treasury has punished six people and two organizations for taking part in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme, which was meant to trick U.S. businesses and give the regime illegal money to pay for its weapons of mass destruction (WMD) programs.

"The North Korean government goes after American businesses through dishonest schemes run by its IT workers abroad, who steal sensitive information and threaten businesses with big payments," said Secretary of the Treasury Scott Bessent.

Coral Sleet/Jasper Sleet, PurpleDelta, and Wagemole are all names for the same scam. It uses fake documents, stolen identities, and made-up personas to help IT workers hide their true identities and get jobs at real companies in the U.S. One important thing about Jasper Sleet's tradecraft is that he uses artificial intelligence to make fake identities, do social engineering, and stay in business for a long time at a low cost. This shows how AI-powered services can make it easier for threat actors to do their jobs and make them more powerful.

Microsoft said, "Jasper Sleet uses AI throughout the attack lifecycle to get hired, stay hired, and misuse access at scale."

"Threat actors are using AI to speed up the reconnaissance process that helps them create realistic digital personas that are specific to certain job markets and roles." Another important part is using an AI program called Faceswap to put the faces of North Korean IT workers into stolen identity documents and make professional-looking headshots for resumes. These efforts are not only meant to make their campaigns more accurate, but also to make them more credible by creating believable digital identities.

Also, the threat of remote IT workers is thought to have used agentic AI tools to make fake company websites and quickly create, improve, and reimplement malware components, sometimes by jailbreaking large language models (LLMs).

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

Trending News

Coruna, DarkSword, and Democratizing Nation-State Exploit Kits

Coruna, DarkSword, and Democratizing Nation-State Exploit Kits

Apple Sends Lock Screen Alerts to Old iPhones About Active Web-Based Exploits

Apple Sends Lock Screen Alerts to Old iPhones About Active Web-Based Exploits

Wartime Usage of Compromised IP Cameras Highlight Their Danger

Wartime Usage of Compromised IP Cameras Highlight Their Danger

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Hackers use phishing ZIP files to send PXA Stealer to steal money from banks and other financial institutions.

Hackers use phishing ZIP files to send PXA Stealer to steal money from banks and other financial institutions.

China improves the backdoor it uses to spy on telecom companies around the world.

China improves the backdoor it uses to spy on telecom companies around the world.

Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP Supply Chain Attack

Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP Supply Chain Attack

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Attacks on infrastructure that have physical effects are down 25%.

Attacks on infrastructure that have physical effects are down 25%.

How mistakes can help businesses improve their security programs

How mistakes can help businesses improve their security programs