North Korean spies disguise as remote workers infiltrate western companies

08/04/2025 Security

I don't know about you, but the idea of North Korean spies infiltrating Western companies is the kind of thing you see in movies, right? Well, according to security researchers at CrowdStrike, it's happening – and at an alarming rate. Apparently, these spies are posing as remote IT workers to generate income for the North Korean regime. This isn't some small-time operation; it's a well-organized scheme that's reportedly seen a massive surge in the last year.

The report from CrowdStrike says that they've spotted over 320 incidents in the past 12 months, a whopping 220% increase from the year before. That's a LOT of fake developers! These North Koreans are using fake identities, resumes, and work histories to get hired by Western companies. While they're busy coding (or pretending to), they're also siphoning off data and extorting their employers. Pretty sneaky, huh?

So, what's the end game? Funding North Korea's nuclear weapons program, of course. It's estimated that this program has already raked in billions of dollars for the regime. It's hard to say exactly how many North Korean IT workers are currently employed by unsuspecting companies, but some estimates put the number in the thousands. That's a scary thought.

AI to the Rescue (for the Spies, Anyway)

To make matters worse, these spies are using AI to help them get away with their deception. They're using generative AI to craft convincing resumes and even deepfake their appearance during remote interviews. It's crazy how technology can be used for both good and evil, isn't it?

Look, this isn't a brand new scheme, but it's becoming increasingly successful. Even with sanctions in place, these North Koreans are finding ways to land jobs at U.S. companies. So, what can be done to stop this? CrowdStrike suggests implementing better identity verification processes during hiring.

I heard a crazy story of crypto companies that would ask potential employees to badmouth Kim Jong Un. The idea is that heavily monitored North Korean spies wouldn't be able to comply, thus revealing themselves. It's a bit extreme, but it shows how seriously some companies are taking this threat.

The U.S. Department of Justice is also trying to crack down on these operations by targeting the U.S.-based facilitators who help run the scheme. This includes going after the people who manage "laptop farms," where North Koreans remotely do their work as if they were physically in the U.S.

Prosecutors said one North Korean operation stole the identities of 80 people in the U.S. between 2021 and 2024 to get remote work at over 100 U.S. companies. In the end, It is a constant battle of cat and mouse, and companies need to be more vigilant than ever to protect themselves from these types of threats.