North Korean IT Workers in US Companies: A Hidden Threat to National Security
The infiltration of North Korean IT workers into US companies is no longer a theoretical risk—it is a widespread, persistent, and evolving threat. Recent reports and warnings from government agencies and cybersecurity experts reveal that thousands of North Korean nationals have secured remote IT positions in US firms, including Fortune 500 companies, using stolen or fake identities and advanced AI tools. The consequences are severe: an estimated 90% of the revenue from these workers is funneled directly into North Korea’s nuclear weapons and ballistic missile programs, fueling one of the world’s most dangerous regimes.
The Scale of the Problem
- Widespread Infiltration: Nearly every Fortune 500 company has received applications from North Korean IT workers, and many have unwittingly hired them.
- Massive Revenue Generation: The scheme has generated between $250 million and $600 million annually for North Korea since 2018, with the vast majority of these funds supporting the regime’s prohibited weapons programs.
- Sophisticated Tactics: North Korean operatives use a combination of AI, deepfakes, and face-swapping technology to create convincing fake profiles, alter their appearance and voice during interviews, and even hold multiple jobs simultaneously.
How North Korean IT Workers Operate
- Identity Obfuscation: They use stolen or fabricated identities, often posing as American or other non-North Korean nationals.
- AI-Powered Deception: Advanced AI tools help them generate fake resumes, profile photos, and even real-time video interview deepfakes.
- Remote Work Loopholes: The shift to remote work has made it easier for these operatives to bypass traditional in-person verification and background checks.
- Insider Threats: Once inside, these workers may steal sensitive data, plant malware, or extort companies by threatening to leak proprietary information.
Red Flags and Warning Signs
Technical Indicators:
- Use of public VPNs, remote management tools, or unauthorized software on corporate devices.
- Accessing company systems from unusual or inconsistent geographic locations.
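One way to surface the inconsistent-location indicator above from authentication logs is an impossible-travel check. This is an added example, not code from the original article; the event layout, account names, coordinates and the 900 km/h threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumption: anything faster than an airliner is implausible

# Constructed sample events: (account, ISO timestamp, place, lat, lon).
# Coordinates are assumed to be already resolved from the source IP.
LOGINS = [
    ("dev-ops-7", "2025-01-06T14:02:00", "Austin, US", 30.27, -97.74),
    ("dev-ops-7", "2025-01-06T15:10:00", "Austin, US", 30.27, -97.74),
    ("dev-ops-7", "2025-01-06T16:05:00", "Singapore, SG", 1.35, 103.82),
    ("analyst-2", "2025-01-06T09:00:00", "Denver, US", 39.74, -104.99),
    ("analyst-2", "2025-01-07T09:30:00", "Chicago, US", 41.88, -87.63),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=100.0):
    """Return (account, from, to, km/h) for consecutive logins that imply
    travel faster than max_kmh. Short hops under min_km are ignored so that
    geo-IP jitter inside one metro area does not alert."""
    last, alerts = {}, []
    for user, ts, place, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_place, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            # Floor the interval at one minute to avoid division by zero.
            hours = max((when - p_when).total_seconds() / 3600, 1 / 60)
            if km > min_km and km / hours > max_kmh:
                alerts.append((user, p_place, place, round(km / hours)))
        last[user] = (when, place, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(LOGINS):
        print("impossible travel:", alert)
```

Logins that egress through a corporate or public VPN will also trip this check, so treat an alert as a prompt to review the account rather than as proof.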
Behavioral Indicators:
- Frequent excuses for missing video calls or last-minute cancellations.
- Inconsistencies between interview performance and on-the-job capabilities—such as excellent code submitted but poor explanation of the work, suggesting multiple people may be sharing the role.
- Different individuals appearing on camera during interviews versus regular meetings.
- Reuse of phone numbers or email addresses across multiple job applications.
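The contact-reuse indicator above can be checked mechanically against an applicant-tracking export. This is an added example, not code from the original article; the record fields, the default country code and the decision to strip "+tag" suffixes for every mail domain are assumptions, and the sample applications are constructed.

```python
import re
from collections import defaultdict

# Constructed sample applications (not real data).
APPLICATIONS = [
    {"id": "A-101", "name": "Jordan Reyes",
     "email": "j.reyes.dev@gmail.com", "phone": "+1 (555) 010-2233"},
    {"id": "A-102", "name": "Marcus Hill",
     "email": "JReyesDev+jobs@googlemail.com", "phone": "555-010-7788"},
    {"id": "A-103", "name": "Evan Cole",
     "email": "evan.cole@example.org", "phone": "1-555-010-2233"},
    {"id": "A-104", "name": "Priya Nair",
     "email": "priya.nair@example.org", "phone": "555 010 9911"},
]

def normalize_email(addr):
    """Collapse common aliasing so one mailbox maps to one key."""
    local, _, domain = addr.strip().lower().partition("@")
    local = local.split("+", 1)[0]          # heuristic: drop "+tag" suffix
    if domain in ("gmail.com", "googlemail.com"):
        local = local.replace(".", "")      # Gmail ignores dots in the local part
        domain = "gmail.com"
    return f"{local}@{domain}"

def normalize_phone(number, default_cc="1"):
    """Keep digits only; assume default_cc for bare 10-digit numbers."""
    digits = re.sub(r"\D", "", number)
    return default_cc + digits if len(digits) == 10 else digits

def find_reuse(applications):
    """Map (kind, normalized value) -> application ids, for every contact
    detail that appears under more than one applicant name."""
    groups = defaultdict(list)
    for app in applications:
        groups[("email", normalize_email(app["email"]))].append(app)
        groups[("phone", normalize_phone(app["phone"]))].append(app)
    return {
        key: sorted(a["id"] for a in apps)
        for key, apps in groups.items()
        if len({a["name"].casefold() for a in apps}) > 1
    }

if __name__ == "__main__":
    for (kind, value), ids in find_reuse(APPLICATIONS).items():
        print(f"shared {kind} {value}: {', '.join(ids)}")
```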
Recruitment Process Red Flags:
- Candidates claim to have attended non-US educational institutions with unverifiable credentials.
- Applications coming through third-party staffing firms with opaque vetting processes.
- Overly polished LinkedIn or freelance profiles that seem too good to be true.
How Companies Can Protect Themselves
1. Strengthen Identity Verification
- Implement rigorous background checks, including verifying educational and employment history through trusted sources.
- Use video interviews with real-time verification and cross-check against submitted identification.
2. Monitor Technical and Behavioral Indicators
- Track device usage, login locations, and unusual access patterns on corporate networks.
- Educate frontline managers and HR teams to recognize the behavioral red flags described above.
3. Scrutinize Third-Party Staffing Firms
- Demand transparency from staffing partners about their vetting processes.
- Connect staffing firms with law enforcement briefings on this threat.
4. Foster a Culture of Vigilance
- Encourage managers to have open conversations about performance and behavioral anomalies, even if uncomfortable.
- Regularly update staff on the latest tactics used by North Korean threat actors.
5. Collaborate with Authorities
- Report suspicious cases to the FBI or relevant law enforcement agencies for investigation and support.
Conclusion
The infiltration of North Korean IT workers into US companies is a national security issue, not just a business risk. With the vast majority of their earnings funding North Korea’s nuclear weapons program, every compromised hire directly contributes to a global threat. By understanding the red flags and implementing robust hiring and monitoring practices, companies can play a crucial role in shutting down this dangerous revenue stream.
“This threat is very adaptable; they have an exit strategy and a plan to have some monetary gain… We have to be adaptable as defenders and responders to be prepared to detect and respond to these changes.”
— Bryan Vorndran, FBI Cyber Division
Vigilance, education, and collaboration are essential to keeping North Korean operatives out of your workforce—and out of your networks.
Read more:
Recruitment Red Flags: Spotting DPRK IT Remote Workers
North Korea Cyber Threat Overview and Advisories
