An investigation by Cointelegraph has uncovered a group of threat actors attempting to secure freelancing gigs in the cryptocurrency industry, led by cyber threat intelligence expert Heiner Garcia. Garcia’s analysis connected a suspected North Korean operative, who goes by the name “Motoki,” to a network of GitHub accounts and fake Japanese identities linked to North Korean operations. The suspected DPRK operative accidentally exposed ties to a cluster of North Korean threat actors during a dummy job interview set up by Garcia. The investigation revealed that Motoki, posing as a Japanese developer, displayed inconsistent behavior, leading to suspicions about his true identity. Linguistic clues and behavior during the interview pointed to North Korean origins. Motoki’s slip-ups, like sharing his screen and offering revealing details, indicated a connection to a higher-level DPRK operative known as “bestselection18.” The investigation also unveiled a North Korean tactic where Motoki offered to send money to buy a computer for remote access, bypassing the need for a VPN connection. The findings were published on an open-source investigative platform. The suspected DPRK operative disappeared after the investigation. Such incidents highlight the recurring issue of DPRK operatives targeting tech industries, including major crypto exchanges. The UN estimates that North Korean IT workers generate significant revenue for the regime, funding its weapons program, including nuclear warheads. Recent reports suggest the presence of North Korean cyber spies attempting to infiltrate various sectors, posing a significant threat to cybersecurity in India and globally.