How One Company Finally Exposed North Korea's Massive Remote Workers Scam (nbcnews.com) 24
NBC News investigates North Korea's "wide-ranging effort to place remote workers at U.S. companies in order to funnel money back to its coffers and, in some cases, steal sensitive information."
And working with the FBI, one corporate security/investigations company decided to knowingly hire one of North Korea's remote workers — then "ship him a laptop and gain as much information as possible" about this "sprawling international employment scheme that is estimated to include hundreds of American companies, thousands of people and hundreds of millions of dollars per year." It worked.... Over a roughly three-month investigation, Nisos uncovered an apparent network of at least 20 North Korean operatives including "Jo" who had collectively applied to at least 160,000 roles. During that time, workers in the network — which some evidence showed were based in China — were employed by five U.S.-based companies and allegedly helped by an American citizen operating out of two nondescript suburban homes in Florida...
Nisos estimated that in about a year, "Jo", who was likely a newer member of the team, applied to about 5,000 jobs... "They attended interviews all day every day, and then once they secured a job, they would collect paychecks until they were terminated," [according to Jared Hudson, Nisos' chief technology officer]... With the ability to see which other U.S. companies Jo and his team were working for — all remote technology roles — Nisos' CEO, Ryan LaSalle, began making calls to their security teams to alert them of the fraud. "Most of the companies weren't aware of it, even if they had pretty robust security teams," LaSalle said. "It wasn't really high on the radar."
NBC News describes North Korea's 10-year effort — and its educational pipeline that steers promising students into "computer science and hacking training before being placed into cyberunits under military and state agencies, according to a recent report by DTEX, a risk-adaptive security and behavioral intelligence firm that tracks North Korea's cybercrime." In one case, a North Korean worker stole sensitive information related to U.S. military technology, according to the Justice Department. In another, an American accomplice obtained an ID that enabled access to government facilities, networks and systems. At least three organizations have been extorted and suffered hundreds of thousands of dollars in damages after proprietary information was posted online by IT workers... Analysts warn that North Korean IT workers are targeting larger organizations, increasing extortion attempts and seeking out employers that pay salaries in cryptocurrency. More recently, security researchers have uncovered fake job application platforms impersonating major U.S. cryptocurrency and AI firms, including Anthropic, designed to infect legitimate applicants' networks with malware to be utilized once hired. The global cybersecurity company CrowdStrike identified a 220% rise in 2025 in instances of North Koreans gaining fraudulent employment at Western companies to work remotely as developers...
The payoff flowing back to Pyongyang from these schemes is enormous. Some North Korean IT workers earn more than $300,000 per year, far more than they'd be able to earn domestically, with as much as 90% of their wages directed back to the regime, according to congressional testimony from Bruce Klinger, a former CIA deputy division chief for Korea. The United Nations estimates the schemes, which proliferated after the pandemic when more companies' workforces went remote, generate as much as $600 million annually, while a U.S. State Department-led sanctions monitoring assessment placed earnings for 2024 as high as $800 million... So far, at least 10 alleged U.S.-based facilitators have been federally charged, including one active-duty member of the U.S. Army, for their alleged roles in hosting laptop farms, laundering payments and moving proceeds through shell companies. At least six other alleged U.S. facilitators have been identified in court documents but not named...
"We believe there are many more hundreds of people out there who are participating in these schemes," said Rozhavsky, the FBI assistant director. "They could never pull this off if they didn't have willing facilitators in the U.S. helping them...." The scheme itself is also becoming more complex. North Korean IT teams are now subcontracting work to developers in Pakistan, Nigeria and India, expanding into fields like customer service, financial processing, insurance and translation services — roles far less scrutinized than software development.
And working with the FBI, one corporate security/investigations company decided to knowingly hire one of North Korea's remote workers — then "ship him a laptop and gain as much information as possible" about this "sprawling international employment scheme that is estimated to include hundreds of American companies, thousands of people and hundreds of millions of dollars per year." It worked.... Over a roughly three-month investigation, Nisos uncovered an apparent network of at least 20 North Korean operatives including "Jo" who had collectively applied to at least 160,000 roles. During that time, workers in the network — which some evidence showed were based in China — were employed by five U.S.-based companies and allegedly helped by an American citizen operating out of two nondescript suburban homes in Florida...
Nisos estimated that in about a year, "Jo", who was likely a newer member of the team, applied to about 5,000 jobs... "They attended interviews all day every day, and then once they secured a job, they would collect paychecks until they were terminated," [according to Jared Hudson, Nisos' chief technology officer]... With the ability to see which other U.S. companies Jo and his team were working for — all remote technology roles — Nisos' CEO, Ryan LaSalle, began making calls to their security teams to alert them of the fraud. "Most of the companies weren't aware of it, even if they had pretty robust security teams," LaSalle said. "It wasn't really high on the radar."
NBC News describes North Korea's 10-year effort — and its educational pipeline that steers promising students into "computer science and hacking training before being placed into cyberunits under military and state agencies, according to a recent report by DTEX, a risk-adaptive security and behavioral intelligence firm that tracks North Korea's cybercrime." In one case, a North Korean worker stole sensitive information related to U.S. military technology, according to the Justice Department. In another, an American accomplice obtained an ID that enabled access to government facilities, networks and systems. At least three organizations have been extorted and suffered hundreds of thousands of dollars in damages after proprietary information was posted online by IT workers... Analysts warn that North Korean IT workers are targeting larger organizations, increasing extortion attempts and seeking out employers that pay salaries in cryptocurrency. More recently, security researchers have uncovered fake job application platforms impersonating major U.S. cryptocurrency and AI firms, including Anthropic, designed to infect legitimate applicants' networks with malware to be utilized once hired. The global cybersecurity company CrowdStrike identified a 220% rise in 2025 in instances of North Koreans gaining fraudulent employment at Western companies to work remotely as developers...
The payoff flowing back to Pyongyang from these schemes is enormous. Some North Korean IT workers earn more than $300,000 per year, far more than they'd be able to earn domestically, with as much as 90% of their wages directed back to the regime, according to congressional testimony from Bruce Klinger, a former CIA deputy division chief for Korea. The United Nations estimates the schemes, which proliferated after the pandemic when more companies' workforces went remote, generate as much as $600 million annually, while a U.S. State Department-led sanctions monitoring assessment placed earnings for 2024 as high as $800 million... So far, at least 10 alleged U.S.-based facilitators have been federally charged, including one active-duty member of the U.S. Army, for their alleged roles in hosting laptop farms, laundering payments and moving proceeds through shell companies. At least six other alleged U.S. facilitators have been identified in court documents but not named...
"We believe there are many more hundreds of people out there who are participating in these schemes," said Rozhavsky, the FBI assistant director. "They could never pull this off if they didn't have willing facilitators in the U.S. helping them...." The scheme itself is also becoming more complex. North Korean IT teams are now subcontracting work to developers in Pakistan, Nigeria and India, expanding into fields like customer service, financial processing, insurance and translation services — roles far less scrutinized than software development.
How? (Score:5, Interesting)
Just require 1 in person interview before hiring and the first day you have to come to the office and personally take the computer home. A computer with GPS software on it to track it's location and ensure the actual work is done on it. At some random time i the next month have a video conferences and compare it to a picture taken on the job interview. Look for AI.
Moreover, what the hell Human resources??? Are you really that freakin incompetent? No wonder we unemployment is so high if 1) HR is bad they can't detect this and b) your standards are so 'off' that you want to hire these people instead of Americans.
The example here had an address in Florida and a bank account in Missouri. Those states don't touch. Just NO. And they matched the workers emails to an ISP not in Florida. Just ask some questions for god's sake.
Yes, I get it that one American is did a Remailing for the laptop. Why doesn't it have geolocation software in the business software
How is that not enough to stop this?
I think we need to not just punish them, but the HR people who let this crap happen. They should all be fired if they hire a SINGLE identity theft guy.
Re: (Score:3)
"GPS software" you say? Does that work indoors unlike the GPS hardware laptops usually don't have?
Re: (Score:1)
Smartphones have GPS, which can work indoors in some cases.
Re: How? (Score:2)
Re: (Score:1)
The example here had an address in Florida and a bank account in Missouri.
Not unusual.
And they matched the workers emails to an ISP not in Florida.
VPN user or was traveling.
Just ask some questions for god's sake.
The trick is to ask the right questions without coming across as so nosey that you make well-qualified legit candidates not only say "pass" but tell their friends to do the same.
Re: (Score:3, Informative)
Those things you consider not unusual are what other people call:
RED FLAGS
which normal people check up on.
VPN/traveling = check in every day for the next month. If it moves around, that's traveling. If it does not move, maybe a VPN but you got something suspicious. Do a video chat and find out. Maybe ask them advice on getting a VPN because the one you are using sucks.
You sound like a security guard explaining why he let someone wearing a ski mask and carrying a violin case into the bank when it turned
bro (Score:1)
In the land of non-retarded people, we don't close bank accounts just because we move. Why the fuck would anyone do that. People open a bank account in college and keep the same bank for decades.
"red flag!" "red flag!" "red flag!" smfh
Re: (Score:2)
Re: (Score:1)
Not every bank is multi-state/national, some are regional or local.
Re: (Score:3)
You do not understand the idea of a red flag.
It is possible to have a bank out of state. I am not stupid. But the far majority of people do no have it. Red flags are not a one off thing. It is the accumulation of multiple red flags that trigger investigation.
Example:
1) A woman is tall. Minor red flag.
2) The woman has garish make up. Minor red flag.
3) The woman did not do a good job shaving her upper lip. Minor red flag. (Yes, women remove facial hair.)
4) The woman has a scarf that covers up where an
Re: (Score:2)
Just require 1 in person interview before hiring and the first day you have to come to the office and personally take the computer home.
I said the same thing in one of the stories posted on here about this issue, but apparently that's too difficult. People don't even want to work in the office. Why expect someone to come in for an interview?
Re:How? (Score:5, Interesting)
Just make an in-person interview part of the hiring process. If they want to know why, give them some mumbo jumbo about security requirements. And don't worry about chasing away legitimate applicants; if they're not willing to come in for an interview, they're unlikely to make good employees.
In person training at hire (Score:2)
When I was hired, the 1st week was in person training & to meet the team. That went away during covid.
I'm surprised these larger companies do not do this.
Re: How? (Score:4, Interesting)
Re: How? (Score:2)
How often did you buy "made in USA" stuff... (Score:2)
I have a remote worker (Score:4, Interesting)
Nice racket! (Score:3)
once they secured a job, they would collect paychecks until they were terminated
Sounds like a nice little racket.
FBI is puzzled by US helpers (Score:2)
I dunno, maybe they want to earn some money so they can eat and pay medical bills?
You get what you pay for (Score:2)
Most of these companies (probably all) are trying to save money. Offer wages competitive enough and the right people will show up for an in person interview and occasional office visits.
Tippy top security focus (Score:2)
Good think they're so focused on getting out all those immigrant labourers who are deeply compromising US security.
Wired magazine covered this last year... (Score:1)
I realize that wired has become just a shell of its former self, dedicating itself to finding a way to embed anti-Trump elements into every story, but last May they covered this situation. [wired.com]