A trove of internal documents stolen from North Korean IT workers and presented at the Black Hat and DEF CON conferences in Las Vegas lays bare an industrial-scale effort by Pyongyang to place software developers inside Western companies. Cyber-researcher “SttyK” said the cache—several dozen gigabytes of e-mails, spreadsheets and Slack logs—shows 12 teams of about a dozen operatives each reporting to a single “master boss.” Some workers managed more than 30 fabricated identities, complete with forged passports and purchased Upwork or LinkedIn accounts, to secure remote jobs. The spreadsheets track job leads, hourly rates and money remitted, confirming United Nations assessments that the programme funnels between US$250 million and US$600 million annually to North Korea’s sanctioned weapons projects. The material details priority targets such as artificial-intelligence, blockchain and Web3 roles at Fortune 500 firms, crypto exchanges and smaller software houses, and documents 14-hour workdays enforced by supervisors.
Separate research released at DEF CON identifies a Chinese national allegedly embedded in the DPRK-linked Kimsuky group—the first publicly documented case of a foreigner working inside North Korea’s state cyber-operations. Analysts say the finding underscores the regime’s willingness to outsource talent as it expands espionage and revenue-generation campaigns.
The private sector is already feeling the pressure. Binance chief security officer Jimmy Su said the exchange discards suspicious résumés “every day,” citing applicants who use voice changers, deep-fake video and chronically slow connections. Su called DPRK operatives the single biggest threat to the crypto industry and warned that the same groups seed malicious code in open-source libraries and conduct phishing interviews to compromise employees elsewhere.
Washington and its allies have long warned about North Korea’s remote-worker schemes, but investigators say the leaked data provide the clearest view yet of day-to-day operations, quotas and command structures. Companies are being urged to tighten applicant screening, monitor code dependencies and share threat intelligence as Pyongyang’s cyber workforce grows more sophisticated.
TeaOnHer launched in response to women's safety app Tea, with similar features and a familiar lack of user protections that allowed anyone to access user data, just like the app it mirrors. Get the full recap on how both apps rose to popularity while exposing user information: https://t.co/geLTewiuIB
Jimmy Su, chief security officer at Binance, explains how the exchange detects North Korean hackers masquerading as job applicants. Read more: https://t.co/CNbvFIX4Mj
Binance Chief Security Officer Jimmy Su said North Korean hackers have become the biggest threat to the crypto industry, disguising themselves as job applicants daily to infiltrate the company. Some use voice changers and deepfakes in interviews. They also launch attacks by poisoning