The individuals are allegedly working for North Korea’s 313th General Bureau, under the DPRK’s Ministry of Munitions Industry.

It’s part of a broader effort to counter Pyongyang’s use of tech professionals to fool U.S. companies and nonprofits.

The mixer was sanctioned after a North Korea hacking group used the software to launder more than $455 million.

Researchers can’t tell if the malware was used in a campaign, or North Korean operatives were caught before they could deploy it in the wild.

SecureWorks has released research that dives into the tell-tale behaviors behind remote employees that may be working on behalf of North Korea.

Michael Barnhart, DPRK Operations at Mandiant

One example, said Gen. Timothy Haugh, was moving $140 million swiftly for training improvements.

Matthew Knoot allegedly ran a laptop farm that funneled hundreds of thousands of dollars back to North Korea.

U.S. prosecutors say Rim Jong Hyok used ransom payments from American health care providers to steal military secrets.

The newly designated APT45 pursues military intelligence but has been expanding its targets, Mandiant says.