A joint investigation led by Mauro Eldritch, founder of BCA LTD , conducted together with threat-intel initiative NorthScan and ANY.RUN , a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea's most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group's Famous Chollima division.

For the first time, researchers managed to watch the operators work live , capturing their activity on what they believed were real developer laptops. The machines, however, were fully controlled, long-running sandbox environments created by ANY.RUN.

The Setup: Get Recruited, Then Let Them In

Screenshot of a recruiter message offering a fake job opportunity

The operation began when NorthScan's Heiner García imperson

See Full Page