The world of remote work has opened up incredible opportunities for both companies and workers. However, it has also created new vulnerabilities that cybercriminals and even nation-states are eager to exploit.
One of the most alarming trends to emerge in recent years is the infiltration of US tech companies by North Korean cyber operatives. These operatives are not just after sensitive data, they are using their positions to funnel millions of dollars back to Pyongyang, funding the country’s weapons program. Let’s break down how this scheme works, why it is so difficult to stop, and what companies can do to protect themselves.
North Korea’s playbook: Fake identities and deepfakes
North Korean operatives start by creating convincing fake identities, often using stolen personal information like Social Security numbers and addresses from real Americans. With these details, they set up professional-looking LinkedIn profiles and apply for remote IT jobs en masse. Recruiters and hiring managers, often overwhelmed by the sheer volume of applicants and the ongoing shortage of cybersecurity talent, may not spot the red flags.
Once these operatives land an interview, they sometimes use AI-generated deepfakes to appear and sound like the person they are impersonating. This technology allows them to pass video interviews and other screening processes with ease.
NORTH KOREAN HACKERS USE DISGUISED APPS TO TARGET MACS WITH HIDDEN MALWARE
The laptop farms
After being hired, these operatives request that their work laptops be shipped to US addresses. These addresses are often “laptop farms” run by American accomplices who keep dozens of devices powered on and connected. These accomplices are paid to participate in the scheme, making it even harder to trace the operation back to North Korea.

FAKE JOB INTERVIEW EMAILS INSTALLING HIDDEN CRYPTOCURRENCY MINING MALWARE
Multiple jobs and massive earnings
Each operative may work multiple jobs at different companies simultaneously, maximizing their earnings and deepening their cover. According to the FBI, State, and Treasury departments, each worker can earn up to $300,000 annually. The money is then funneled back to North Korea, directly supporting the regime’s weapons program.
The scale of the problem
This is not a small-time scam. Security experts from companies like Google Cloud, SentinelOne, and CrowdStrike have all reported being targeted. SentinelOne, for example, received about 1,000 job applications linked to the North Korean IT worker program in just one month. The Justice Department has indicted Americans who helped run these operations, and some schemes have generated tens of millions of dollars for North Korea.
Hard to detect, harder to stop
The use of AI tools, deepfakes, and American accomplices makes these operatives incredibly difficult to detect. Even when companies do catch on and fire the fraudulent workers, the operatives often have exit strategies in place, such as planting malware to extort the company later.
Watch the latest episode of The CyberGuy Report.
Missed this event? Sign up via the registration form and see our live recording.
See Kurt’s latest Amazon picks for useful gadgets, smart home upgrades and everyday tech worth grabbing while the deals last.
How to protect yourself and your company
With the rise of sophisticated schemes like North Korean laptop farms, strong cybersecurity hygiene is no longer optional—it’s essential. Here are critical steps every individual and business should take:
Use reputable antivirus software on all devices to detect and block malware before it spreads. Free tools aren’t enough—invest in trusted protection with real-time scanning and threat response. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
- Strong real-time protection against viruses, malware, ransomware and hacking attempts
- AI-powered scam protection to help identify suspicious emails, texts and websites
- Built-in password manager to securely store and manage logins
- 2 GB PC cloud backup to help protect important files from ransomware or hardware failure
- Smart firewall and phishing protection
- Protects 1, 3 or 5 devices
- Available for Windows, macOS, Android and iOS
- Includes real-time threat protection, smart firewall and phishing protection to guard against online attacks
Don’t assume your internet provider, mobile carrier, or device manufacturer is keeping you fully protected. Apple and Android devices, as well as home networks, still need added layers of defense.
Minimize your digital footprint. The more personal information that’s publicly available, the easier it is for foreign actors to target or impersonate you.
EXTRA CASH WITH NO CATCH? SPOTTING RETIREE JOB SCAMS
The risks for companies
Hiring a North Korean operative, even unknowingly, can expose companies to major compliance risks, especially given the heavy economic sanctions against North Korea. There is also the risk of data breaches, ransomware attacks, and reputational damage.
Reluctance to speak out
Many companies are hesitant to admit they have been targeted, fearing legal repercussions and damage to their reputation. However, experts stress that openness is crucial. Sharing information about these attacks can help the entire industry defend itself more effectively.
What can be done?
Companies need to strengthen their hiring processes, using advanced identity verification methods and being wary of candidates who seem too good to be true. Regular audits and background checks can help, as can collaboration with law enforcement and cybersecurity experts.
Targeting the nerve centers
Law enforcement agencies are focusing on shutting down the laptop farms and prosecuting American accomplices, which can disrupt the operations significantly. However, as the schemes evolve, ongoing vigilance and adaptation are necessary.
Kurt’s key takeaways
The rise of North Korean cyber operatives in the US tech industry is a wake-up call for every company that relies on remote workers. While the scale of the problem is daunting, awareness and collaboration are our best tools. By talking openly about these threats and sharing strategies, the tech community can stay one step ahead of the scammers. It is a challenging battle, but with the right approach, it is one we can win together.
Do you think the government is doing enough to protect US companies from North Korean cyber operatives, or should there be tougher measures and more support for businesses facing these threats? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE




