In recent years,  North Korea  has increasingly turned to  telework  in a bid to fund its controversial nuclear program. The country’s regime has allegedly infiltrated companies in the  United States , and more recently  Europe , by employing individuals with  fraudulent identities . According to investigations by the  FBI , the  Department of Justice , and  Google , these individuals are part of a larger network designed to generate income that primarily benefits the North Korean regime.

A structured framework. A cybersecurity researcher known as  Sttyk  has compiled a comprehensive database revealing the  organizational structure  of these infiltrators. The information—spanning “dozens of data gigabytes” and thousands of emails—suggests that the workers are divided into  twelve groups , each led by a central figure referred to as a “master boss.” This hierarchical organization enables better coordination and resource allocation within their operations.

Utilization of spreadsheets and digital tools. The workers utilize software like  Slack ,  Google , and  Github , along with  spreadsheets , to track their tasks and  progress towards economic and strategic goals . Notably, they compile data on the specific job requirements of targeted companies, tracking necessary programming languages and existing communication with potential employers.

Acquisition of new identities. Recently, the  BBC  reported on a defector named  Jin-Su , who shared insights from his experience as a false teleworker. He noted that much of his work involved creating fake identities to secure employment. Initially, he used Chinese identities, but as he realized the advantages of Western identities, he began acquiring names from countries like  Hungary ,  Turkey , and the  United Kingdom . This strategic pivot suggests a sophisticated understanding of global job markets.

Workers proficient in  English  conduct the most crucial outreach, as most communications occur via platforms like Slack, minimizing the need for face-to-face interactions. However, the rise of  artificial intelligence  in recruitment processes poses new challenges, as many firms have adopted AI-driven interviews, often making it easier to detect fraudulent candidates.

Targeted job sectors. The types of positions pursued by these false teleworkers predominantly reside within the technology sector. Investigations reveal a clear focus on areas like  artificial intelligence ,  blockchain technology , and  web development . By infiltrating these lucrative fields, they can maximize financial gains that, in turn, fund the North Korean war machine.

Financial implications. Jin-Su reported that false teleworkers often earn around  $5,000 per month  in roles spanning the United States and Europe. Despite having to remit  85%  of these earnings back to North Korea, he noted that the income remains significantly better than the conditions experienced within their homeland. A recent  United Nations  report highlights that these workers collectively generate between  €250 million  and  €600 million  annually for their country.

The money these workers retain upon returning to North Korea offers considerable value, thereby weakening the motives for some to defect, especially since many operate from more liberated environments in  Russia  or  China .

In parallel, another division of North Korean operatives focuses on  cryptocurrency theft , bringing in staggering sums of illicit funds. Just this past March, hackers reportedly acquired approximately  $1.5 billion , adding up to  $1.3 billion  from 47 separate incidents in December 2024.

Challenging working conditions. Despite the apparent advantages of working remotely for North Korea, conditions remain harsh.  Slack  communications from their leaders indicate that members should work “at least 14 hours a day.” While this is demanding, it pales compared to the extreme expectations set by some leading  Silicon Valley  firms.

Images are sourced from the Kremlin and Altumcode on Unsplash.

The infiltration of  teleworkers  as a method of funding North Korea’s ambitions poses serious implications for global cybersecurity. As this sophisticated nexus of technology and deception grows, the onus remains on global agencies and tech firms to develop robust defenses against these emerging threats. In an era where digital identities can be easily forged and manipulated, vigilance is paramount to prevent these hostile actions from continuing unabated.



General News – 2