US tech giants unknowingly hire North Korean cyber operatives

US tech giants unknowingly hire North Korean cyber operatives

How North Korean operatives infiltrate US tech companies

by Kurt Knutsson
image_printPrint this article

The world of remote work has opened up incredible opportunities for both companies and workers. However, it has also created new vulnerabilities that cybercriminals and even nation-states are eager to exploit.

One of the most alarming trends to emerge in recent years is the infiltration of US tech companies by North Korean cyber operatives. These operatives are not just after sensitive data, they are using their positions to funnel millions of dollars back to Pyongyang, funding the country’s weapons program. Let’s break down how this scheme works, why it is so difficult to stop, and what companies can do to protect themselves.

 

 

Illustration of North Korean cyber operative

 

North Korea’s playbook: Fake identities and deepfakes

North Korean operatives start by creating convincing fake identities, often using stolen personal information like Social Security numbers and addresses from real Americans. With these details, they set up professional-looking LinkedIn profiles and apply for remote IT jobs en masse. Recruiters and hiring managers, often overwhelmed by the sheer volume of applicants and the ongoing shortage of cybersecurity talent, may not spot the red flags.

Once these operatives land an interview, they sometimes use AI-generated deepfakes to appear and sound like the person they are impersonating. This technology allows them to pass video interviews and other screening processes with ease.

Illustration of North Korean cyber operative

 

NORTH KOREAN HACKERS USE DISGUISED APPS TO TARGET MACS WITH HIDDEN MALWARE

 

The laptop farms

After being hired, these operatives request that their work laptops be shipped to US addresses. These addresses are often “laptop farms” run by American accomplices who keep dozens of devices powered on and connected. These accomplices are paid to participate in the scheme, making it even harder to trace the operation back to North Korea.

Illustration of North Korean cyber operative

 

FAKE JOB INTERVIEW EMAILS INSTALLING HIDDEN CRYPTOCURRENCY MINING MALWARE

 

Multiple jobs and massive earnings

Each operative may work multiple jobs at different companies simultaneously, maximizing their earnings and deepening their cover. According to the FBI, State, and Treasury departments, each worker can earn up to $300,000 annually. The money is then funneled back to North Korea, directly supporting the regime’s weapons program.

 

The scale of the problem

This is not a small-time scam. Security experts from companies like Google Cloud, SentinelOne, and CrowdStrike have all reported being targeted. SentinelOne, for example, received about 1,000 job applications linked to the North Korean IT worker program in just one month. The Justice Department has indicted Americans who helped run these operations, and some schemes have generated tens of millions of dollars for North Korea.

 

Hard to detect, harder to stop

The use of AI tools, deepfakes, and American accomplices makes these operatives incredibly difficult to detect. Even when companies do catch on and fire the fraudulent workers, the operatives often have exit strategies in place, such as planting malware to extort the company later.

More from CyberGuy
🔴 Free Live Class
Latest CyberGuy Report podcast episode

Watch the latest episode of The CyberGuy Report.

📱 Free class recording: Lock down your phone

Missed this event? Sign up via the registration form and see our live recording.

🛒 This week’s top Amazon deals

See Kurt’s latest Amazon picks for useful gadgets, smart home upgrades and everyday tech worth grabbing while the deals last.

×

Latest CyberGuy Report podcast episode

Reserve your free spot

 

How to protect yourself and your company

With the rise of sophisticated schemes like North Korean laptop farms, strong cybersecurity hygiene is no longer optional—it’s essential. Here are critical steps every individual and business should take:

Use reputable antivirus software on all devices to detect and block malware before it spreads. Free tools aren’t enough—invest in trusted protection with real-time scanning and threat response. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

One of the top solutions we recommend is Norton Antivirus Plus, which extends protection beyond just traditional virus scanning. While iPhones have strong built-in security, Norton adds an important extra layer by helping block malicious websites, phishing links, and unsafe downloads before they can cause harm. If you accidentally tap a bad link in an email, text message, or social media post, Norton helps prevent access to known dangerous sites using its continuously updated threat intelligence. If you are interested in a strong antivirus with phone customer service, we recommend Norton Antivirus Plus. This product includes:
  • Strong real-time protection against viruses, malware, ransomware and hacking attempts
  • AI-powered scam protection to help identify suspicious emails, texts and websites
  • Built-in password manager to securely store and manage logins
  • 2 GB PC cloud backup to help protect important files from ransomware or hardware failure
  • Smart firewall and phishing protection
COVERAGE
  • Protects 1, 3 or 5 devices
  • Available for Windows, macOS, Android and iOS
  • Includes real-time threat protection, smart firewall and phishing protection to guard against online attacks
EXCLUSIVE CYBERGUY DEAL: 58% off (year 1) Please note that the above product is the core antivirus product. Norton may try to upsell additional products, but we don’t recommend them. We encourage you to decline those offers.

 

Don’t assume your internet provider, mobile carrier, or device manufacturer is keeping you fully protected. Apple and Android devices, as well as home networks, still need added layers of defense.

 

Minimize your digital footprint. The more personal information that’s publicly available, the easier it is for foreign actors to target or impersonate you.

 

Illustration of North Korean cyber operative

 

EXTRA CASH WITH NO CATCH? SPOTTING RETIREE JOB SCAMS

 

The risks for companies

Hiring a North Korean operative, even unknowingly, can expose companies to major compliance risks, especially given the heavy economic sanctions against North Korea. There is also the risk of data breaches, ransomware attacks, and reputational damage.

 

Reluctance to speak out

Many companies are hesitant to admit they have been targeted, fearing legal repercussions and damage to their reputation. However, experts stress that openness is crucial. Sharing information about these attacks can help the entire industry defend itself more effectively.

 

What can be done?

Companies need to strengthen their hiring processes, using advanced identity verification methods and being wary of candidates who seem too good to be true. Regular audits and background checks can help, as can collaboration with law enforcement and cybersecurity experts.

 

Targeting the nerve centers

Law enforcement agencies are focusing on shutting down the laptop farms and prosecuting American accomplices, which can disrupt the operations significantly. However, as the schemes evolve, ongoing vigilance and adaptation are necessary.

Illustration of North Korean cyber operative

 

Kurt’s key takeaways

The rise of North Korean cyber operatives in the US tech industry is a wake-up call for every company that relies on remote workers. While the scale of the problem is daunting, awareness and collaboration are our best tools. By talking openly about these threats and sharing strategies, the tech community can stay one step ahead of the scammers. It is a challenging battle, but with the right approach, it is one we can win together.

Do you think the government is doing enough to protect US companies from North Korean cyber operatives, or should there be tougher measures and more support for businesses facing these threats? Let us know in the comments below. 

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

image_printPrint this article

   
 
 
🎙 Now Streaming: My New Podcast: The CyberGuy Report

   


 

Kurt’s Top Deals

Deals move fast and inventory can be limited, so don’t wait too long.

🔥 Editor’s pick
Summer entertaining
Ninja SLUSHi Machine
(26% off)
Frozen drinks and slushies at home in minutes.
 
Patriotic pick
American Flag
(19% off)
Heavyweight outdoor American flag.
💰 Top deal
Outdoor essential
TYPEC Solar Bug Zapper
(36% off)
Solar-powered bug zappers for patios and camping.
 
Car tech
ROVE R3 Dash Cam
(33% off)
Front, rear and cabin camera coverage.

Leave a Comment

Free newsletter

Get my free CyberGuy Report

Get my latest tech news, security alerts, tips and deals delivered straight to your inbox.

No spam. No sharing your email. Ever.

🎁

Bonus: Get my FREE Ultimate Scam Survival Guide instantly when you sign up.

By signing up, you agree to our Terms of Service and Privacy Policy . You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder