North Korea found a loophole in sanctions as its AI agents land actual remote jobs – We Got This Covered

A new report from the cybersecurity company CrowdStrike has revealed a troubling and fast-growing scheme in which North Korean spies, pretending to be remote IT workers, are getting jobs at Western companies.

The main purpose of this operation is not just to steal information but to make money for North Korea’s nuclear weapons program, which is under international sanctions but has already collected billions of dollars.

This fake job scheme has grown extremely quickly. The company found more than 320 cases in the past year, which is a shocking 220% increase compared to the year before. In each case, North Koreans managed to get fake remote jobs as developers at companies in Western countries. The exact number of these workers is not known, but some guesses say there could be thousands.

The way the scheme works is complex and very deceptive. The North Koreans, who CrowdStrike calls by the hacking group name “Famous Chollima,” use fake identities, made-up resumes, and false work histories to get hired. Importantly, they are now using artificial intelligence, including generative AI tools, to make their scams more convincing. These tools help them write realistic resumes and even create “deepfake” videos of themselves for remote job interviews, making it harder for companies to catch them.

We’re somehow paying for North Korea’s nuclear weapons

Once they are inside a company, these fake workers not only collect paychecks that go back to the North Korean government but also get access to company data, which they can later steal or misuse. This scam is not completely new, but it is becoming more successful even though U.S. sanctions make it illegal for American companies to hire North Korean workers.

CrowdStrike says that weak identity checks during hiring are a major weakness that these spies are taking advantage of. The report recommends that companies use stricter hiring checks to avoid employing these sanctioned workers.

U.S. law enforcement agencies have been working hard to stop these operations. The Department of Justice has been going after people in the U.S. who help run the scheme for their North Korean bosses. These efforts include looking into people who operate “laptop farms,” which are setups with multiple laptops that let North Koreans work remotely while making it seem like they are in the U.S.

In a June court case, prosecutors described one operation where North Koreans stole the identities of 80 people between 2021 and 2024 to get remote jobs at more than 100 U.S. companies. Some companies, especially in the cryptocurrency industry, have come up with a strange way to check for possible spies. These companies have reportedly asked job applicants to say something negative about the wealthy North Korean leader, Kim Jong Un.

The idea is that North Korean workers, who are closely watched by their government, would never agree to do this, revealing themselves as fake applicants. North Korean relations with the U.S. are already facing strain, and this just adds to it.