North Korean IT operators are increasingly using artificial intelligence and false identities to obtain remote jobs at Western companies, according to a Financial Times report cited by Swedish technology publication IDG.se. The sophisticated fraud scheme, which has already targeted hundreds of companies in the United States, is now reportedly spreading to Europe.
The operation involves North Korean operators stealing or renting identities, often through old LinkedIn accounts, then creating fake CVs, references, and identity documents. They use AI to write credible job applications and communicate without linguistic errors. During video interviews, they can reportedly employ deepfake filters or digital avatars to conceal their identities.
When hired, companies typically send computers to the new 'employees,' which are then captured in so-called laptop farms, including locations in the United Kingdom, where operators log in remotely. A single person can sometimes handle multiple jobs simultaneously.
Between 2020 and 2024, North Korean operators infiltrated over 300 American companies, generating at least $6.8 million in revenue for the Pyongyang regime, according to U.S. authorities cited in the report. The money from these remote jobs is sent back to North Korea's government.
The scheme represents a new frontier in state-sponsored cybercrime, leveraging remote work infrastructure and AI technology to bypass traditional security measures and generate foreign currency for the sanctioned regime.