{"id":161975,"date":"2025-08-10T22:46:06","date_gmt":"2025-08-10T22:46:06","guid":{"rendered":"https:\/\/teknomers.com\/en\/we-were-aware-that-north-korea-has-been-sending-infiltrators-to-work-at-companies-in-the-west-now-we-understand-their-methods\/"},"modified":"2025-08-10T22:46:08","modified_gmt":"2025-08-10T22:46:08","slug":"we-were-aware-that-north-korea-has-been-sending-infiltrators-to-work-at-companies-in-the-west-now-we-understand-their-methods","status":"publish","type":"post","link":"https:\/\/teknomers.com\/en\/we-were-aware-that-north-korea-has-been-sending-infiltrators-to-work-at-companies-in-the-west-now-we-understand-their-methods\/","title":{"rendered":"We were aware that North Korea has been sending infiltrators to work at companies in the West. Now, we understand their methods."},"content":{"rendered":"\n<p>In recent years, \u00a0North Korea\u00a0 has increasingly turned to \u00a0telework\u00a0 in a bid to fund its controversial nuclear program. The country&#8217;s regime has allegedly infiltrated companies in the \u00a0United States\u00a0, and more recently \u00a0Europe\u00a0, by employing individuals with \u00a0fraudulent identities\u00a0. According to investigations by the \u00a0FBI\u00a0, the \u00a0Department of Justice\u00a0, and \u00a0Google\u00a0, these individuals are part of a larger network designed to generate income that primarily benefits the North Korean regime.<\/p>\n<p><!-- BREAK 1 --> <\/p>\n<p><strong>A structured framework<\/strong>. A cybersecurity researcher known as \u00a0Sttyk\u00a0 has compiled a comprehensive database revealing the \u00a0organizational structure\u00a0 of these infiltrators. The information\u2014spanning &#8220;dozens of data gigabytes&#8221; and thousands of emails\u2014suggests that the workers are divided into \u00a0twelve groups\u00a0, each led by a central figure referred to as a &#8220;master boss.&#8221; This hierarchical organization enables better coordination and resource allocation within their operations.<\/p>\n<p><!-- BREAK 2 --><\/p>\n<p><strong>Utilization of spreadsheets and digital tools<\/strong>. The workers utilize software like \u00a0Slack\u00a0, \u00a0Google\u00a0, and \u00a0Github\u00a0, along with \u00a0spreadsheets\u00a0, to track their tasks and \u00a0progress towards economic and strategic goals\u00a0. Notably, they compile data on the specific job requirements of targeted companies, tracking necessary programming languages and existing communication with potential employers.<\/p>\n<p><!-- BREAK 3 -->  <\/p>\n<p><strong>Acquisition of new identities<\/strong>. Recently, the \u00a0BBC\u00a0 reported on a defector named \u00a0Jin-Su\u00a0, who shared insights from his experience as a false teleworker. He noted that much of his work involved creating fake identities to secure employment. Initially, he used Chinese identities, but as he realized the advantages of Western identities, he began acquiring names from countries like \u00a0Hungary\u00a0, \u00a0Turkey\u00a0, and the \u00a0United Kingdom\u00a0. This strategic pivot suggests a sophisticated understanding of global job markets.<\/p>\n<p><!-- BREAK 4 --><\/p>\n<div class=\"article-asset article-asset-normal article-asset-center\">\n<div class=\"desvio-container\">\n<div class=\"desvio\">\n<div class=\"desvio-figure js-desvio-figure\"><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n<p>Workers proficient in \u00a0English\u00a0 conduct the most crucial outreach, as most communications occur via platforms like Slack, minimizing the need for face-to-face interactions. However, the rise of \u00a0artificial intelligence\u00a0 in recruitment processes poses new challenges, as many firms have adopted AI-driven interviews, often making it easier to detect fraudulent candidates.<\/p>\n<p><!-- BREAK 5 --><\/p>\n<p><strong>Targeted job sectors<\/strong>. The types of positions pursued by these false teleworkers predominantly reside within the technology sector. Investigations reveal a clear focus on areas like \u00a0artificial intelligence\u00a0, \u00a0blockchain technology\u00a0, and \u00a0web development\u00a0. By infiltrating these lucrative fields, they can maximize financial gains that, in turn, fund the North Korean war machine.<\/p>\n<p><!-- BREAK 6 --><\/p>\n<p><strong>Financial implications<\/strong>. Jin-Su reported that false teleworkers often earn around \u00a0$5,000 per month\u00a0 in roles spanning the United States and Europe. Despite having to remit \u00a085%\u00a0 of these earnings back to North Korea, he noted that the income remains significantly better than the conditions experienced within their homeland. A recent \u00a0United Nations\u00a0 report highlights that these workers collectively generate between \u00a0\u20ac250 million\u00a0 and \u00a0\u20ac600 million\u00a0 annually for their country.<\/p>\n<p><!-- BREAK 7 --><\/p>\n<p>The money these workers retain upon returning to North Korea offers considerable value, thereby weakening the motives for some to defect, especially since many operate from more liberated environments in \u00a0Russia\u00a0 or \u00a0China\u00a0.<\/p>\n<p><!-- BREAK 8 --><\/p>\n<p>In parallel, another division of North Korean operatives focuses on \u00a0cryptocurrency theft\u00a0, bringing in staggering sums of illicit funds. Just this past March, hackers reportedly acquired approximately \u00a0$1.5 billion\u00a0, adding up to \u00a0$1.3 billion\u00a0 from 47 separate incidents in December 2024.<\/p>\n<p><!-- BREAK 9 --><\/p>\n<p><strong>Challenging working conditions<\/strong>. Despite the apparent advantages of working remotely for North Korea, conditions remain harsh. \u00a0Slack\u00a0 communications from their leaders indicate that members should work &#8220;at least 14 hours a day.&#8221; While this is demanding, it pales compared to the extreme expectations set by some leading \u00a0Silicon Valley\u00a0 firms.<\/p>\n<p><!-- BREAK 10 --> <\/p>\n<p>Images are sourced from the <a rel=\"noopener noreferrer nofollow\" href=\"http:\/\/kremlin.ru\/events\/president\/news\/72264\/photos\/72787\" target=\"_blank\">Kremlin<\/a> and <a rel=\"noopener noreferrer nofollow\" href=\"https:\/\/unsplash.com\/es\/@altumcode?utm_content=creditCopyText&#038;utm_medium=referral&#038;utm_source=unsplash\" target=\"_blank\">Altumcode<\/a> on <a rel=\"noopener noreferrer nofollow\" href=\"https:\/\/unsplash.com\/es\/fotos\/computadora-portatil-negra-abierta-oZ61KFUQsus?utm_content=creditCopyText&#038;utm_medium=referral&#038;utm_source=unsplash\" target=\"_blank\">Unsplash<\/a>.<\/p>\n<p>The infiltration of \u00a0teleworkers\u00a0 as a method of funding North Korea\u2019s ambitions poses serious implications for global cybersecurity. As this sophisticated nexus of technology and deception grows, the onus remains on global agencies and tech firms to develop robust defenses against these emerging threats. In an era where digital identities can be easily forged and manipulated, vigilance is paramount to prevent these hostile actions from continuing unabated.<\/p>\n<p><br \/>\n<br \/><a href=\"https:\/\/teknomers.com\/category\/general\/\" rel=\"dofollow\">General News &#8211; 2<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In recent years, \u00a0North Korea\u00a0 has increasingly turned to \u00a0telework\u00a0 in a bid to fund its controversial nuclear program. The country&#8217;s regime has allegedly infiltrated companies in the \u00a0United States\u00a0, and more recently \u00a0Europe\u00a0, by employing individuals with \u00a0fraudulent identities\u00a0. According to investigations by the \u00a0FBI\u00a0, the \u00a0Department of Justice\u00a0, and \u00a0Google\u00a0, these individuals are [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":161976,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36399],"tags":[2199,1723,40340,1195,4361,1194,1410,3430,3007,319],"class_list":["post-161975","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-aware","tag-companies","tag-infiltrators","tag-korea","tag-methods","tag-north","tag-sending","tag-understand","tag-west","tag-work"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/posts\/161975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/comments?post=161975"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/posts\/161975\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/media\/161976"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/media?parent=161975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/categories?post=161975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/en\/wp-json\/wp\/v2\/tags?post=161975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}