North Korea infiltrates IT workers into Western companies: USA imposes sanctions

Fake profiles and AI faces: North Korea is infiltrating Western companies with IT workers to use their salaries for its nuclear program, say US authorities.

Fake profiles on job platforms, AI-generated faces in job interviews, stolen identities on resumes: According to US authorities, North Korea is systematically infiltrating Western companies with IT workers – and collecting their salaries for its nuclear weapons program. The activities are part of a global strategy in the area of cybercrime. As part of an ongoing campaign, the US has imposed sanctions against six individuals and two organizations that keep the global network running. Europe is not a safe haven either: one intermediary operated from Spain. The Google Threat Intelligence Group is also observing more applications from North Korean IT specialists at companies in other parts of Europe.

In their search for suitable IT specialists, some US companies have apparently forgone any form of personal presence in recent years – even during job interviews. The FBI therefore advised in January 2025 that companies should conduct the hiring process in person as much as possible. In some cases, companies have apparently also fallen for dubious recruitment agencies.

If this were only about collecting wages for work performed, some companies could probably live with it, were it not for the money flowing into weapons programs. However, US authorities warn that in individual cases, such IT agents also resort to extorting companies. To do this, they plant malware in company networks and steal sensitive data. According to the FBI, source code was stolen and only released for money. Entire code repositories, for example on GitHub, were transferred to private accounts and cloud storage.

The US Treasury Department estimates that North Koreans earned 800 million US dollars in 2024 alone. However, this sum is only part of the revenue: in a record year, North Korea also allegedly stole two billion US dollars in cryptocurrency. Among the sanctioned individuals is the CEO of a shell company in Vietnam that exchanged 2.5 million US dollars in cryptocurrency for North Koreans. The intermediary operating from Spain brokered freelance IT contracts, while others coordinated the overseas deployment of IT workers or engaged in money laundering. In the US, an accomplice was recently sentenced to a long prison term for placing fake IT specialists from North Korea.

The FBI advises companies to be restrictive when granting access rights and to monitor network traffic and remote connections. The importance of a thorough analysis was demonstrated at Amazon, where a minimal keyboard delay exposed a North Korean IT mole. External recruitment agencies should also be scrutinized regarding how they handle new hires.

(mki)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.