Fortune 500 companies have unknowingly employed thousands of software engineers who posed as American developers but are actually North Korean nationals using stolen or fabricated identities. These IT workers, hired through legitimate channels, have been illegally sending their salaries to the North Korean regime to help fund its banned weapons of mass destruction and ballistic missile programs. According to the U.S. Treasury, State Department, and FBI, this scheme has generated hundreds of millions of dollars annually since 2018.
Harrison Leggio, founder of the crypto startup g8keep, estimates that about 95% of the résumés he receives in response to job postings are from North Korean engineers falsely claiming to be American. In one case, he interviewed someone who said they had worked at the same Manhattan-based cryptocurrency exchange as he had. But the candidate got key details wrong—naming programming languages that weren’t used and describing workflows that didn’t exist.
Now, Leggio includes an unusual filter in his hiring process. Before scheduling an interview, he asks potential candidates to do one thing: say something negative about Kim Jong Un. Through his own research, Leggio learned that criticizing North Korea’s Supreme Leader, the head of the Democratic People’s Republic of Korea (DPRK), is strictly prohibited and can carry serious consequences for North Korean citizens.
“The first time I tried it, the person started panicking and swearing,” Leggio recalled. The candidate quickly blocked him on all social media platforms. Since then, he’s made the request a standard part of his screening process—and said other startup founders are doing the same.
A yacht or a missile?
The United Nations estimates the North Korean IT worker operation generates between $250 million and $600 million each year. In response, cybersecurity professionals have started sharing information about warning signs, suspicious VPN activity, and other indicators. However, advances in AI have strengthened the scheme: North Korean workers now use scripts to juggle multiple jobs simultaneously, disguise their faces, and alter their voices to hide accents or impersonate different genders.
Experts believe this operation will grow in 2025, spreading further into Europe and Asia. With improved social engineering techniques and more aggressive targeting of defense and government sectors, the threat is expected to become more widespread and sophisticated.
Trump: I want no more property taxes across the United States
7/4/2025 10:14 PMTrump's "Big, Beautiful" has $1.1 trillion in health cuts and 11.8 million losing care
7/3/2025 7:31 PMTrump’s Big, Beautiful bill passes the House
7/3/2025 7:27 PMGas prices haven’t been this low for the Fourth of July since 2021
7/3/2025 4:32 PM
Stay Updated
Subscribe to our newsletter for the latest financial insights and news.