Fake profiles on job platforms, AI-generated faces in job interviews, stolen identities on CVs: According to US authorities, North Korea systematically smuggles IT workers into Western companies – and collects their salaries for its nuclear weapons program. The activities are part of a global cybercrime strategy. The US has imposed sanctions on six people and two organizations that keep the global network running as part of an ongoing campaign. Europe is also not a safe haven: a middleman operated from Spain. The Google Threat Intelligence Group is also observing more applications from North Korean IT specialists to companies in Europe in other parts of the continent.
Read more after the ad
When looking for suitable IT specialists, some US companies have apparently forgone any form of presence in recent years – even during job interviews. The FBI therefore advised in January 2025 that companies should at least carry out the hiring process face-to-face if possible. In some cases, the companies have apparently fallen for dubious recruiters.
Not just fake work, but also blackmail
If it were just collecting wages in exchange for work, some companies could probably even live with it if the money didn’t flow into weapons programs. But the US authorities warn that in individual cases such IT agents also resort to blackmailing companies. To do this, they smuggled malware into company networks and stole sensitive data. According to the FBI, source code was stolen and only released in exchange for money. Entire code repositories, for example on GitHub, have been transferred to your own accounts and private cloud storage.
The US Treasury Department puts the amount generated by North Koreans at $800 million in 2024 alone. However, this sum is only part of the revenue: North Korea is also said to have stolen two billion US dollars in cryptocurrency in a record year. The people now sanctioned include the CEO of a shell company in Vietnam that converted $2.5 million into cryptocurrency for North Koreans. The Spanish actor brokered freelance IT contracts, others coordinated the sending of IT workers abroad or carried out money laundering. In the USA, an aid worker was recently sentenced to a long prison term for smuggling in fake IT specialists from North Korea.
What the FBI advises companies
The FBI advises companies to be restrictive when granting access rights and to monitor network traffic and remote connections. The importance of a precise analysis was demonstrated at Amazon, where a minimal keyboard delay exposed a North Korean IT mole. External recruiters should also be vetted for how they make new hires.
Read more after the ad
Read also
(mki)
