Fortune 500 companies have unknowingly employed thousands of software engineers who posed as American developers but are actually North Korean nationals using stolen or fabricated identities. These IT workers, hired through legitimate channels, have been illegally sending their salaries to the North Korean regime to help fund its banned weapons of mass destruction and ballistic missile programs. According to the U.S. Treasury, State Department, and FBI, this scheme has generated hundreds of millions of dollars annually since 2018.
Harrison Leggio, founder of the crypto startup g8keep, estimates that about 95% of the résumés he receives in response to job postings are from North Korean engineers falsely claiming to be American. In one case, he interviewed someone who said they had worked at the same Manhattan-based cryptocurrency exchange as he had. But the candidate got key details wrong—naming programming languages that weren’t used and describing workflows that didn’t exist.
Now, Leggio includes an unusual filter in his hiring process. Before scheduling an interview, he asks potential candidates to do one thing: say something negative about Kim Jong Un. Through his own research, Leggio learned that criticizing North Korea’s Supreme Leader, the head of the Democratic People’s Republic of Korea (DPRK), is strictly prohibited and can carry serious consequences for North Korean citizens.
“The first time I tried it, the person started panicking and swearing,” Leggio recalled. The candidate quickly blocked him on all social media platforms. Since then, he’s made the request a standard part of his screening process—and said other startup founders are doing the same.
A yacht or a missile?
The United Nations estimates the North Korean IT worker operation generates between $250 million and $600 million each year. In response, cybersecurity professionals have started sharing information about warning signs, suspicious VPN activity, and other indicators. However, advances in AI have strengthened the scheme: North Korean workers now use scripts to juggle multiple jobs simultaneously, disguise their faces, and alter their voices to hide accents or impersonate different genders.
Experts believe this operation will grow in 2025, spreading further into Europe and Asia. With improved social engineering techniques and more aggressive targeting of defense and government sectors, the threat is expected to become more widespread and sophisticated.
Trump has told Walmart, $WMT, to 'eat the tariffs' instead of raising prices
5/17/2025 11:59 PMMoody’s downgrades US credit rating to Aa1 from Aaa
5/17/2025 4:55 AMYouTube, GOOGL, viewers will start seeing ads after ‘peak’ moments in videos
5/16/2025 7:55 PMCEOs say that just a fraction of AI initiatives are actually delivering the return on investment they expected
5/16/2025 7:51 PM
Stay Updated
Subscribe to our newsletter for the latest financial insights and news.
