North Korean IT scam targets western firms
North Korean IT workers are employing sophisticated deception to land remote IT jobs in Western tech companies. They use false names, fake LinkedIn profiles, counterfeit work documents, and scripted interviews to overcome employment barriers.

This strategy, crucial for North Korea's foreign currency earnings and nuclear missile program financing, involves methods designed to persuade Western hiring managers, as revealed by documents reviewed by Reuters and interviews with a former North Korean IT worker and cybersecurity experts.
The United States, South Korea, and the United Nations have reported that North Korea dispatched thousands of IT workers abroad over the past four years to raise millions of dollars. Despite the threat of punishment for free expression in North Korea, these workers use interview scripts to portray a favorable corporate culture. Palo Alto Networks, a U.S. cybersecurity firm, uncovered internal documents outlining North Korea's remote IT workforce operations, including bogus resumes and identities.
Leaked darkweb data further exposes the tactics North Korean workers use to secure jobs internationally, a crucial operation for the financially struggling regime. According to the U.S. Justice Department, these IT workers can earn significantly more than other North Korean laborers abroad, collectively making over $3 million annually.
These scripts often rationalize the need for remote work. One, used by a senior software developer named "Richard," cites family health issues to justify remote work. A defected North Korean IT worker confirmed to Reuters that creating multiple fake profiles for job applications is a standard practice.
The U.S. government has raised alarms about the risks associated with North Korean IT workers, including potential hacking. Some of their resumes show experience in the cryptocurrency sector, frequently targeted by North Korean hackers. The documents also reveal their use of sophisticated fake IDs and the purchase of legitimate online profiles to enhance credibility. LinkedIn has removed such an account, demonstrating the challenges in identifying and stopping these fraudulent actions.
Most Read News
-
US Middle East envoy pledged to press Israel to resume G
-
EU approves its 17th sanctions package against Russia
-
Think tank backs Spain’s stance on Gaza, calls for globa
-
Algeria accuses France of breaching diplomatic passport
-
Trump says he's 'surprised' public didn't know about Bid
-
Chinese tech firm Huawei launches its 1st PC with its ow
-
UK opposition leader vows to reverse Starmer's 'reset de
-
North Korea’s leader may face war crime probe for suppor
-
‘Choose France’ summit set to attract around $22.5B in n
-
Wildfires rage across US state of Arizona, with over 8,0