Microsoft has blocked 3,000 Outlook and Hotmail accounts linked to a campaign impersonating North Korean IT workers to help fund the Kim Jong Un regime's weapons program.
This campaign used fake IT experts to access remote jobs, thereby laundering money and providing hundreds of millions of dollars in revenue to North Korea, and was detected and stopped by US security agencies in coordination.
MAIN CONTENT
Microsoft, in coordination with the US government, suspended 3,000 fake email accounts of North Korean IT employees.
North Korean IT experts faked real work to hide financial fraud.
Microsoft uses AI technology and behavioral analytics to detect and block these sophisticated scams.
How did Microsoft detect and handle the incident?
Microsoft, the U.S. Department of Justice, the FBI and other federal agencies have launched a coordinated operation to dismantle a fraud network called “Jasper Sleet,” a large-scale international operation that used fake identities to recruit remote IT workers.
These North Korean individuals use their real technical skills to evade suspicion and even be regarded by employers as real professionals. They are not hackers but rather software developers, QA engineers, or IT support staff working dutifully under false pretenses.
“These are not hackers who break into the system, but highly qualified IT experts who work for real and pass the interview. The only difference is that they are directly under the North Korean government.”
Jeremy Dallman, Director of the Microsoft Threat Intelligence Center, June 2025
What was notable throughout the campaign?
Microsoft has discovered “laptop farms”—places where devices are rented or operated by helpers to gain and maintain access to employer-provided computers. At least 29 such locations have been raided by law enforcement.
For example, a worker in Maryland, USA, signed contracts for 13 jobs at once representing a group of North Korean IT workers, earning nearly $1 million in remote wages.
How much revenue does the North Korean IT worker program generate?
According to the United Nations, the program could generate up to $600 million a year, much of which is used to support North Korea's cybercrime and nuclear program.
What technologies does Microsoft use to prevent and detect?
Microsoft uses custom artificial intelligence and machine learning systems to quickly detect fake accounts and suspicious behavior, like “impossible time travel” analysis to detect logins from unrealistic geographic locations in very short periods of time.
They also found that North Koreans used AI to edit job applications, enhance personal images, or use FaceSwap technology to fake real-life identities.
“Jasper Sleet is constantly changing and improving its tactics, especially using AI to bypass detection. We are always closely monitoring and trying to stay proactive in these developments.”
Jeremy Dallman, Director of the Microsoft Threat Intelligence Center, June 2025
Why is this story serious?
The North Korean regime is using revenue from its rogue IT network to subsidize its nuclear weapons program in the face of international sanctions. This is not just a cybersecurity issue, but a global national security and legal challenge.
How does this campaign affect recruiting companies and the tech industry?
Identity theft and remote earning by individuals posing as IT professionals undermines the credibility of the global freelance labor market. Employers need to strengthen security and rigorous authentication to avoid exploitation.
Microsoft recommends that companies adopt multi-factor authentication, real-time risk monitoring, and incorporate AI behavioral analytics tools to detect risks early.
Signs of Fraud and How to Prevent It By North Korean IT workers?
Common signs include a history of constantly changing profiles, using the same name, email, and resume template across multiple platforms. Companies should be wary of candidates with overly perfect interview and work histories or geographic access anomalies.
Prevention includes staff training, implementing endpoint security tools, and regularly updating intelligence from cybersecurity organizations.
Frequently Asked Questions
How Microsoft detects North Korea's fake accounts? Microsoft uses AI technology and "impossible time travel" login behavior analysis to identify suspicious accounts and unusual behavior. How big is North Korea's IT worker program? It is estimated that the program generates about $600 million a year in revenue from impersonation and remote work. Why does North Korea use fake IT workers to earn money remotely? They use IT skills to bypass international sanctions, earn money for nuclear activities and military plans. What should companies do to prevent this trick? Apply strong authentication, monitor AI behavior, and coordinate with governments and platforms to carefully select personnel. Has Microsoft's reputation been affected by this incident? Microsoft actively handled and coordinated with the government to help strengthen security, demonstrate responsibility and credibility in the technology industry.
Source: https://tintucbitcoin.com/microsoft-xoa-3-000-email-nhan-vien-trieu-tien/
Thank you for reading this article!
Please Like, Comment and Follow TinTucBitcoin to stay updated with the latest news about the cryptocurrency market and not miss any important information!