The $500 Million Heist: Your Best Remote Hire Might Not Exist—and Could Be Funding North Korea

A sophisticated, state-sponsored operation is embedding fake workers inside unsuspecting companies across North America and Europe.

BY AMAYA NICHOLE, NEWS WRITER

Illustration: Inc; Photo: Getty Images

North Korean nationals are using Western identities to operate as super-efficient remote IT staff within unsuspecting companies across the globe, according to a new report by cybersecurity experts at both Flare and IBM X-Force.

The operation is no small threat. The North Korean IT Worker (NKITW) operation involves the mobilization of thousands of skilled IT professionals to infiltrate organizations across North America and Western Europe. And a UN report estimated that North Korea IT workers generate annual revenue of approximately $500 million.

The Democratic People’s Republic of North Korea (DPRK), or North Korea, is subject to international sanctions that make it difficult to generate revenue through international trade. This has led the North Korean government to employ numerous techniques to generate revenue and evade sanctions. One of those techniques is the deployment of remote IT workers who use false identities to apply for and work remote IT jobs worldwide. 

The primary goal of this is to funnel generated income from IT work back to the DPRK party. As reported by the U.S. Department of Treasury and the FBI respectively, that money is then used to fund various weapons programs as well as data extraction.

How Anthropic's Claude AI Became a Co-Founder

There’s an organized system with key players. “Recruiters” screen potential IT workers “Facilitators” run the operation, IT workers complete the actual job requirements, and “collaborators” are typically Westerners lending their real identities to make the fake workers appear legitimate. When there are no collaborators, a fake identities are created.

Once hired, the DPRK IT workers are notably efficient employees—because multiple people are working behind each fake employee. This tactic aims for promotions in order to gain deeper access to company systems.

Additionally, an overseas DPRK IT worker reportedly earns at least 10 times more than they would if they were working in a factory or in construction. 

© Inc.com