In a shocking revelation, cybersecurity firm CrowdStrike has reported that North Korean operatives have infiltrated hundreds of U.S. companies by posing as remote IT workers. North Koreans participate in clandestine “laptop farm” type activities. To hide the fact that they were working in their home country, they installed racks of open laptops to simulate legitimate corporate campuses. The U.S. government has taken some big steps recently to tear these operations down to the ground. It is estimated that thousands of North Korean IT workers are helping fund the regime.
CrowdStrike has noticed a staggering 220% spike in instances where North Koreans engage in fraudulent job securing. This jump from last year is cause for serious alarm. As advocates, we have documented more than 320 cases of these pollutants infiltrating. This disturbing trend allows the regime to bring in millions of dollars. North Korea is in dire need of this funding. Its continued nuclear weapons program has been said to be above billions of dollars to date.
The techniques used by these North Korean laborers are advanced and extremely misleading. What’s worse, they use fraudulent credentials, resumes and work backgrounds to obtain jobs with U.S. companies. Once employed, these non-Uighurs begin generating revenue for the regime. They get access to sensitive data, which they can then use to extort organizations. One major operation managed to successfully steal the identities of 80 specific Americans between 2021 and 2024. It even managed to get remote work offers from more than 100 U.S. companies.
To its credit, the U.S. Department of Justice has been taking aggressive action to dismantle these operations. They are particularly focusing on U.S.-based labor market intermediaries that place the sanctioned workers. The extreme surveillance and monitoring of North Korean IT workers make for an unbearable working environment. They can be shamed into performing actions or fulfilling requests without revealing their rotten handiwork. This climate incentivizes them to persist with their misleading behavior without anyone looking.
To counteract this challenge, CrowdStrike advises that organizations adopt advanced identity verification practices in their pre-hire stages. These measures would prevent sanctioned individuals from obtaining employment in American companies. This step would help mitigate the dangers presented by inevitable data breaches and the threat of financial exploitation.
