North Korea's Remote Worker Scam

Since the notion of artificial intelligence (AI) emerged in the 1950s, it has been a staple of pop culture. While there are countless good news scenarios of AI's potential positive impact on our world, many rational people saw it as a Pandora's Box. The sci-fi world is replete with stories of AI underpinned masses running amok and eviscerating humankind. Be it a formidable army of cyborg warriors that overwhelms us or an innocuous, uncountable cluster of smart bots that eventually outwits us, we have imagined a potential Armageddon in countless ways.

While pop culture has introduced its share of AI-induced terrors, there are a million others that we likely never considered. In fact, some real-world scenarios seem more implausible than anything we imagined. For instance, if you had North Korea creating online personas to steal your remote job and to fund the country's weapons program on your Bingo card – raise your hand.

Today, about a quarter of the United States workforce (~35 million people) conducts their duties remotely. Add to that a nearly infinite number of workers still seeking remote work, and you have a forest of workers so large you cannot identify each of the trees. That is precisely what the North Koreans are taking advantage of.

How does it work? It's pretty simple. North Korean cyber actors either steal legitimate credentials or leverage AI to develop deepfake personas with credentials more impeccable than any real candidate. From there, they are a ChatGPT button press away from creating an excellent resume/CV. Another button press generates a cover letter that sweeps hiring managers off their feet, and a star is born—and soon hired.

The impact? Multi-fold. One, workers with solid credentials seeking remote work remain sidelined, contributing to US unemployment numbers. Two, North Korea gets a foothold within US organizations, enabling access to all of its intellectual property (IP) (not to mention upstream and downstream IP from partner companies). Third, these 'employees' salaries go into the coffers of the North Korean government to fund any variety of nefarious activity, from building bioweapons to further building offensive cyber operations capabilities like this one.

And it is not just the salaries that fund the programs. Once inside, there are myriad opportunities to pilfer money. Simply stealing company funds or launching a ransomware attack are the two most prominent.

According to Microsoft, since 2020, the US government has discovered that more than 300 US companies unknowingly hired such impostors. Of course, being sophisticated nation-state-sponsored actors, these operators (spies) often target companies operating within our critical infrastructure – usually posing as information technology professionals to gain administrative-level controls across critical organizations. In fact, in early 2025, the Justice Department indicted three North Korean nationals who generated nearly $1 million in revenue from US companies.

How can you be sure that the next remote worker you hire is legitimate and not a North Korean spy? While no method is foolproof, common sense and solid verification practices will usually carry the day. I highly recommend the following:

• Conduct as much of the hiring process in person as possible.

• Ensure that you get multiple forms of government-provided identification

• If you work with a 3rd party staffing firm, ask about their awareness of this threat and what they are doing to combat it

• Even if there is a cost associated, mandate in-person meetings at least once per year

My personal favorite suggestion comes from Adam Meyers, senior vice president of Counter Adversary Operations at CrowdStrike. He instructs interviewers to ask, "How fat is Kim Jong Un?" It's not a joke. North Korean operators will be very reluctant to criticize the Supreme Leader in any way and often will answer evasively or terminate the call!

As with anything else, attention to detail, adherence to cybersecurity best practices, and common sense will enable success. Without those elements at work, your next hire may not be who you think they are.

Stay vigilant!