North Korean IT Workers Infiltrate Fortune 500 Companies to Fund Nuclear Program

Can you believe this? North Korean hackers pose as U.S developers in Fortune 500 firms, funnel millions to Kim Jong Un's nuclear weapons programs

North Korean hackers are getting U.S. tech jobs -- how are they pulling it off? - You'd think Fortune 500 companies would have tight enough security to keep foreign spies out of their systems -- but North Korean hackers have found a clever way in. Posing as American software developers, these IT workers are landing jobs at major U.S. firms. Their goal? To funnel their legitimate salaries back to Kim Jong Un's regime and secretly fund North Korea's nuclear weapons and ballistic missile programs. Yes, it sounds like a spy movie plot -- but it's real, and it's happening on a massive scale. U.S. intelligence agencies, including the FBI, State Department, and Treasury, estimate that this scheme has generated between $250 million and $600 million every year since 2018. That's not pocket change -- that's missile money. Crypto founder Harrison Leggio is no stranger to the scam. He says that a staggering 95% of the applications he gets for engineering jobs at his startup come from North Korean nationals pretending to be American. One candidate even claimed to have worked at the same crypto exchange as Leggio -- except he flubbed key technical details that exposed the lie. Now, Leggio has a unique screening method. Before he agrees to interview any candidate, he asks them to criticize Kim Jong Un. Most North Korean citizens can't risk saying anything negative about their leader, even during a remote interview. The moment he made this request, one applicant panicked, cursed at him, and vanished from all social media. That was all the confirmation he needed. Artificial Intelligence is turning this threat into a full-blown cybercrime wave. North Korean IT workers, often stationed in China and Russia, are now using AI to create flawless résumés, realistic bios, and even fake identities with altered voice profiles. Some even sound like women to match the identities they've stolen. According to Michael Barnhart, a security lead at Google Cloud, North Korean operatives are forming pseudo-companies -- like fake recruiting agencies or IT vendors -- that pitch their services to Fortune 500 giants. These firms think they're outsourcing work to legitimate vendors, but they're actually hiring North Korean engineers hidden behind layers of deception. This isn't just about stolen salaries. It's about stolen secrets. The intelligence these fake workers access at American companies can be redirected toward espionage, data theft, and extortion. And while some hackers just want a yacht, these guys are funding weapons of mass destruction. CrowdStrike, a top cybersecurity firm, says the North Korean group they track as "Famous Chollima" was behind over 300 cyber incidents in 2024 alone. The group runs two main operations: one that focuses on malware and crypto theft, and another that places sleeper agents inside real tech jobs to funnel salaries and information back home. The challenge is, these fake developers are getting incredibly convincing. In one case, a company hired someone after a flawless interview -- only to realize later that the person who showed up on Day One wasn't the same person at all. They failed a geolocation test and turned out to be operating from a completely different country. To prevent this, experts like Emi Chiba from Gartner recommend multi-step identity verification. This includes live video interviews, comparing government IDs with real-time selfies, and using geolocation tracking to confirm someone's location. Just like a nightclub bouncer checking your ID twice -- once just isn't enough anymore. Security leaders now say HR teams need to work hand-in-hand with cybersecurity teams to keep an eye out for these tactics. Even simple things like checking for inconsistencies in voice, resume formatting, and LinkedIn profiles can save companies from making a costly mistake. This isn't just a problem overseas. American citizens are getting caught in the act, too. Some are running so-called "laptop farms" -- getting paid to accept company laptops and install remote access tools so North Korean IT workers can log in and work remotely, pretending to be in the U.S. One Arizona woman pleaded guilty to helping over 300 North Korean operatives get jobs using 60 stolen identities. These jobs were at major banks, tech firms, aerospace companies -- even a television network. The salaries? In the millions. In another case, an undercover investigation found that North Korean operatives were even coaching Americans through job interviews using remote-desktop tools. One fake "helper group," calling themselves "The Bens," offered to create LinkedIn profiles, write bios, and guide a fake candidate through live interviews -- sharing answers on-screen during the call. The goal? Get hired and send back 70% of the salary via crypto. The FBI is still chasing down North Korean IT workers and has even put bounties on their heads. But companies can't wait for government action. They need to step up now -- train HR staff, use smart ID verification tools, and be relentless about checking who's really logging into their systems. As cybersecurity expert Adam Meyers put it: "It's not just about protecting your paycheck -- it's about protecting national security. Your money isn't buying a Ferrari. It's building a missile." So next time your company hires a developer who looks great on paper, maybe throw in one extra interview question: "What's your opinion on Kim Jong Un?" How are North Korean developers getting tech jobs in the U.S.? They use fake identities, AI tools, and fake résumés to get hired remotely. Why are North Korean hackers working at Fortune 500 companies? To send salaries back to fund Kim Jong Un's nuclear weapons programs.

North Korean infiltrators becoming IT workers to funnel their salaries to help Kim Jong Un build nukes: Report

To fund nuclear ambitions of the East Asian nation, North Korean citizens are reportedly using fake identities to bag IT jobs to funnel their salaries to dictator Kim Jong, reported Fortune. As per the report, Fortune 500 companies have unwittingly hired thousands of software engineers who claim to be American developers but are actually North Korean citizens using stolen or fake identities. Through legitimate employment, the IT workers are illegally funnelling their salaries to Kim Jong Un's regime to fund prohibited weapons of mass destruction and ballistic missile programs. As per the US Treasury, State Department, and FBI, IT workers scam has generated hundreds of millions each year since 2018. The UN estimated the North Korean IT worker scam has generated $250 million to $600 million every year since 2018. But AI has emboldened the North Korean scheme, allowing the IT workers to develop scripts so they can hold down as many as six or seven jobs at a time, disguise their appearance, and even alter their voices so they don't have an accent -- or so they sound like a woman instead of a man. Experts predict the scope and scale will expand in 2025, moving across Europe and Asia with well-honed social engineering tactics paired with more aggressive job hunting at European defense and government companies. Michael Barnhart, an intelligence leader at Google Cloud who has been tracking North Korean threats for years, explained the scheme this way: North Korean engineers, deployed to locations in China and Russia, use AI to create bios with eye-catching company experience highlighted. They work in teams to apply for jobs en masse, using stolen American identities, or with the help of facilitators in the U.S. or abroad. Some IT workers have even created front companies to pose as legitimate recruiting firms or web-design agencies, for instance, that larger Fortune 500 companies then hire -- not realizing it's a North Korean front, said Barnhart. Among global companies, security teams have implemented different systems and strategies for rooting out North Korean IT workers seeking jobs as well as those already employed and working at companies, Barnhart said. And the stakes couldn't be higher. "There are criminals who steal your money to get yachts, but in this case, your money isn't going to a Lamborghini -- it's going back to fund nuclear munitions," said Barnhart. "A yacht versus a missile -- attribution matters." The Federal Bureau of Investigation (FBI) is providing an update to previously shared guidance regarding Democratic People's Republic of Korea (North Korea) Information Technology (IT) workers to raise public awareness of their increasingly malicious activity, which has recently included data extortion. FBI is warning the public, private sector, and international community about North Korean IT workers' continued victimization of US-based businesses. In recent months, in addition to data extortion, FBI has observed North Korean IT workers leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.

North Korean IT Workers Impersonating Americans To Land Jobs At Fortune 500 Companies To Fund Kim Jong Un's Weapons Program: Report

Enter your email to get Benzinga's ultimate morning update: The PreMarket Activity Newsletter Thousands of North Korean IT workers have been found to be working undercover in Fortune 500 companies, with their earnings being used to fund Kim Jong Un's illicit weapons programs. What Happened: These IT professionals have been using stolen or fabricated identities to gain employment in these companies, reported Fortune. The U.S. Treasury, State Department, and FBI estimate that this operation has been generating hundreds of millions annually since 2018. The North Korean engineers are not only impersonating Americans but are also leveraging advanced AI to alter their appearances and voices. They are even managing to hold multiple jobs simultaneously, thereby increasing the amount of money funneled back to North Korea. Harrison Leggio told the publication that nearly all the résumés he gets for roles at his crypto startup g8keep -- about 95% -- are actually from North Korean engineers pretending to be Americans. See Also: China 'Resolutely Opposes' Trump's 50% Tariff Threat, Vows Countermeasures As Trade Tensions Jolt Markets: 'Will Fight To The End' Michael Barnhart, an intelligence leader at Google Cloud, stated that these engineers are stationed in China and Russia, where they use AI to create impressive bios and apply for jobs in bulk. Why It Matters: Despite attempts to disrupt this operation, cybersecurity firm CrowdStrike reported that North Korean IT workers were behind 304 incidents in 2024, and their activities increased during the latter half of the year. The firm predicts that these campaigns will continue in 2025, given their financial success. This recent revelation is not an isolated incident. North Korean hackers were already leveraging AI to facilitate their cyber operations, targeting employees of global defense, cybersecurity, and cryptocurrency companies. In 2024, the U.S. Justice Department accused an American woman and a Ukrainian man of being involved in a scheme that allegedly helped North Korea fund its nuclear weapons program. The scheme involved more than 300 U.S. companies hiring foreign nationals with North Korean connections for remote IT work. Read Next: Billionaire Charlie Munger Said He'd Be The 'Richest Man on Earth' If He Could Go Back 100 Years And Start Over -- 'I Could Have Done a Lot Better' Image via Shutterstock Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors. Got Questions? AskWhich Fortune 500 companies might be compromised?How will cybersecurity firms respond to this threat?Could AI technology be leveraged in countermeasures?What implications does this have for global tech jobs?Which defense contractors could benefit from increased budgets?How might this affect international relations with North Korea?What potential risks do remote IT workers face?Which investment firms could capitalize on cybersecurity trends?How will this impact cryptocurrency markets?What sectors might see growth due to increased cybersecurity spending?Powered ByMarket News and Data brought to you by Benzinga APIs