Thousands of North Korean IT workers have infiltrated the Fortune 500—and they keep getting hired for more jobs

Fortune 500 companies have unknowingly employed thousands of software engineers who posed as American developers but are actually North Korean nationals using stolen or fabricated identities. These IT workers, hired through legitimate channels, have been illegally sending their salaries to the North Korean regime to help fund its banned weapons of mass destruction and ballistic missile programs. According to the U.S. Treasury, State Department, and FBI, this scheme has generated hundreds of millions of dollars annually since 2018.

Harrison Leggio, founder of the crypto startup g8keep, estimates that about 95% of the résumés he receives in response to job postings are from North Korean engineers falsely claiming to be American. In one case, he interviewed someone who said they had worked at the same Manhattan-based cryptocurrency exchange as he had. But the candidate got key details wrong—naming programming languages that weren’t used and describing workflows that didn’t exist.

Now, Leggio includes an unusual filter in his hiring process. Before scheduling an interview, he asks potential candidates to do one thing: say something negative about Kim Jong Un. Through his own research, Leggio learned that criticizing North Korea’s Supreme Leader, the head of the Democratic People’s Republic of Korea (DPRK), is strictly prohibited and can carry serious consequences for North Korean citizens.

“The first time I tried it, the person started panicking and swearing,” Leggio recalled. The candidate quickly blocked him on all social media platforms. Since then, he’s made the request a standard part of his screening process—and said other startup founders are doing the same.

A yacht or a missile?

The United Nations estimates the North Korean IT worker operation generates between $250 million and $600 million each year. In response, cybersecurity professionals have started sharing information about warning signs, suspicious VPN activity, and other indicators. However, advances in AI have strengthened the scheme: North Korean workers now use scripts to juggle multiple jobs simultaneously, disguise their faces, and alter their voices to hide accents or impersonate different genders.

Experts believe this operation will grow in 2025, spreading further into Europe and Asia. With improved social engineering techniques and more aggressive targeting of defense and government sectors, the threat is expected to become more widespread and sophisticated.

tastytrade logo+
Get the best broker for options trading and earn Unusual Whales discounted! in cash with an eligible account deposit at tastytrade. Get an Unusual Whales bonus when you deposit $2000. Offer expires 3/31/25. Certain restrictions, terms and conditions apply.
Unusual Whales does not confirm the information's truthfulness or accuracy of the associated references, data, and cannot verify any of the information. Any content on this site or related pages are not intended to provide legal, tax, investment or insurance advice. Unusual Whales Inc. is not registered as a securities broker-dealer or an investment adviser with the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority (“FINRA”) or any state securities regulatory authority. Nothing on Unusual Whales should be construed as an offer to sell, a solicitation of an offer to buy, or a recommendation for any security by Unusual Whales or any third party. Options, investing, trading is risky, and losses are more expected than profits. Please do own research before investing. Please only subscribe after reading our full terms and understanding options and the market, and the inherent risks of trading. It is highly recommended not to trade on this, or any, information from Unusual Whales. Markets are risky, and you will likely lose some or all of your capital. Please check our terms for full details.
Any content on this site or related pages are not intended to provide legal, tax, investment or insurance advice. Unusual Whales Inc. is not registered as a securities broker-dealer or an investment adviser with the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority (“FINRA”) or any state securities regulatory authority. Nothing on Unusual Whales should be construed as an offer to sell, a solicitation of an offer to buy, or a recommendation for any security by Unusual Whales or any third party. Certain investment planning tools available on Unusual Whales may provide general investment education based on your input. You are solely responsible for determining whether any investment, investment strategy, security or related transaction is appropriate for you based on your personal investment objectives, financial circumstances and risk tolerance. You should consult your legal or tax professional regarding your specific situation. See terms for more information.