Fortune 500 companies are unwittingly hiring thousands of software engineers who pose as American developers but are actually North Korean citizens using stolen or fake documents, writes Fortune magazine. Although they are employed legally, these IT specialists illegally transfer their salaries to Kim Jong Un's regime to fund banned programs for creating weapons of mass destruction and ballistic missiles. According to general estimates by the US Treasury, State Department, and FBI, the IT worker scam has been bringing in hundreds of millions annually since 2018.
The cybersecurity company CrowdStrike reported that North Korean IT specialists, whom it calls Famous Chollima, were behind 304 incidents in 2024, and their activity increased in the second half of this year. The group has two lines of activity. One is malware that collects intelligence and steals cryptocurrency, such as the theft of $1.5 billion in cryptocurrency from a Dubai exchange. The other is the IT worker scam.
In the past two years, the Department of Justice has charged dozens of North Korean citizens and unnamed accomplices in this scheme, accusing them of stealing Americans' personal data, conspiracy to violate US sanctions, fraud, and money laundering. The FBI's list of wanted cybercriminals includes at least 14 North Korean IT specialists, and the State Department has announced a reward of up to $5 million for information on those involved.
In Arizona, a 49-year-old woman helped North Korean accomplices get jobs at Fortune 500 banks, a television network, an aerospace company, an automaker, and a Silicon Valley tech company. Using 60 sets of stolen personal data, she helped IT workers get jobs at 300 companies that paid them millions for their work.
The owner of the cryptocurrency startup g8keep, Harrison Ledger, told Fortune that about 95% of the resumes he receives in response to job ads come from North Korean engineers posing as Americans. Once, he even interviewed a candidate who claimed to have worked at the same Manhattan cryptocurrency exchange as him at the same time, but clarifying the details exposed him. Ledger said that he now won't even schedule an interview with a candidate who seems promising on paper unless they agree to the final step. "Say something negative about Kim Jong Un," he tells potential job candidates. The first time he asked this question, the interviewee started to get upset and curse, and subsequently blocked Ledger on all social networks.
As the publication notes, artificial intelligence has given new strength to the North Korean scheme, allowing IT workers to develop scripts that enable them to disguise their appearance and even change their voice to have no accent or to sound like a woman instead of a man.
Michael Barnhart, head of intelligence at Google Cloud, who has been tracking North Korean threats for many years, explained the scheme as follows. North Korean engineers, based in China and Russia, use artificial intelligence to create biographies that highlight attractive work experience at a company. They work in teams to submit job applications en masse, using stolen American documents or the help of intermediaries in the US or abroad. Some IT workers even create front companies that pose as legitimate recruiting firms or web design agencies. These are then hired by large Fortune 500 companies that are unaware they are dealing with a North Korean cover, says Barnhart.
The FBI reported that this money funds nuclear weapons and operations, and the intelligence and data that IT workers steal from companies are used for extortion, espionage, and data theft. "There are criminals who steal your money to buy yachts, but in this case, your money doesn't go to a Lamborghini, it goes back to fund nuclear munitions," says Barnhart.