USA 
United Kingdom
Thousands of fake IT workers from North Korea have infiltrated US companies, using stolen or fabricated identities to gain employment and covertly fund Kim Jong Un’s weapons program.
According to Fortune, the FBI, US Treasury, and State Department estimate that the scheme has generated hundreds of millions of dollars annually since 2018, with North Korean software engineers posing as US-based developers to secure remote jobs with major corporations.
The workers funnel their salaries directly to the regime, supporting banned nuclear weapons and missile development.
Security teams at Fortune 500 companies have been caught off guard by the scale and sophistication of the operation, which intelligence experts say has evolved into a dual threat of espionage and income generation.
AI helping create fake candidates
Using advanced AI tools, North Korean operatives craft convincing résumés and even manipulate voice and video feeds to mask their identities.
Michael Barnhart, an intelligence leader at Google Cloud, said North Korean teams based in China and Russia are leveraging AI to fabricate profiles and submit bulk job applications using stolen American credentials.
Some operatives have even formed shell companies posing as US-based agencies or IT contractors, fooling businesses into outsourcing work to what they believe are legitimate firms.
“Your money isn’t going to a yacht, it’s going to fund nuclear munitions,” Barnhart said.
Fake IT workers fooling HR and recruiters
Among those targeted are fast-growing startups, where hiring processes may lack the same level of security as larger firms. Harrison Leggio, founder of crypto startup g8keep, estimates that 95% of applicants to his job postings are North Korean operatives posing as American developers.
He now screens candidates with an unusual test that few North Koreans will pass—he asks them to criticise Kim Jong Un during the interview. A move that has caused applicants to panic or disappear.
Others in the startup community have adopted similar tactics, while cybersecurity professionals are racing to improve detection, the scheme is becoming harder to stop.
AI is enabling operatives to juggle multiple jobs at once and adapt quickly to background checks. In some cases, US residents have knowingly assisted the regime. A woman in Arizona recently pleaded guilty to helping place North Korean workers at hundreds of companies, including top banks and aerospace manufacturers.
Cybersecurity specialist CrowdStrike reported that the group it refers to as “Famous Chollima” was responsible for more than 300 incidents in 2024 alone.
The firm warns the threat is likely to expand into Europe and Asia in 2025 as tactics become more aggressive and sophisticated.
HR departments are being urged to strengthen verification practices by using geolocation, mandatory camera-on interviews, and ID-check tools.
Gartner’s Emi Chiba recommends ongoing re-verification of remote workers to ensure identities are authentic and locations legitimate.
“What we’re seeing now are real Americans lending their identities—real names, faces, documents. Everything checks out,” said Aidan Raney, founder of Farnsworth Intelligence, who infiltrated the network during an investigation. “There’s nothing stopping these hires.”
The FBI continues to offer rewards for tips leading to arrests, and multiple North Korean operatives remain on the bureau’s cyber most-wanted list.
