What’s Going On?
Since 2014, and especially after 2020, North Korea has deployed thousands of IT operatives using fake identities to get remote jobs in the U.S. and Europe.
By 2025, over 8,400 cyber operatives were active, targeting sectors like finance and defence.
Scale of the Damage
Illicit revenue: Over $5 million, with some teams earning up to $3 million/year
Top individual pay: Around $300,000/year
Crypto theft: Over $900,000
Seizures: ~200 laptops and numerous “laptop farms”
How They Operate
AI-generated resumes and deepfake interviews to secure jobs.
Laptop farms in the U.S. used to mask their location.
Malware deployment to steal data and crypto.
Bigger Picture
Part of North Korean hacker units like Bureau 121, Lazarus Group, and Kimsuky, known for global ransomware and espionage.
U.S. Crackdown
In June 2025, U.S. authorities raided, seized devices, froze accounts, and charged accomplices, disrupting millions in funding to North Korean weapons.
How Companies Can Protect Themselves
Require live identity checks
Audit network activity
Train teams on fraud signals
Monitor financial transactions
North Korea has turned remote work into a powerful funding tool for cybercrime, requiring constant vigilance to stop these evolving threats.
