North Korean IT Workers Pose As Americans To Secure Remote Jobs, Fund Weapons Programs

Federal prosecutors have charged an Arizona woman and four others with facilitating a North Korea-linked scheme that helped the country’s IT workers pose as U.S. citizens to secure remote tech jobs at more than 300 American companies. The workers used these salaries to fund North Korea’s missile program.

The scheme, which generated at least $6.8 million in revenue, involved North Koreans using the identities of over 60 U.S. people in their job applications and relying on VPNs to disguise their computers’ locations. The workers are linked to the regime’s Munitions Industry Department, which oversees its ballistic missiles and weapons production programs.

Remote hiring practices have made it easier for North Korean IT workers to deceive hiring managers who previously relied on in-person interviews to detect imposters. These issues could be exacerbated as AI technologies improve at creating more realistic deepfake video and audio.

Greg Lesnewich, senior threat researcher at Proofpoint, warned that this is likely just the “tip of the iceberg” and that similar scams are probably happening worldwide on a larger scale than we might be prepared to handle.

The U.S. government has been warning American companies about this threat for at least two years, as North Korean workers seek freelance employment contracts in North America, Europe and East Asia to bypass sanctions and earn higher salaries.