Ethical Hacking News
North Korea's estimated 100,000-strong army of fake IT workers has been generating approximately $500 million a year for the regime, according to researchers at IBM X-Force and Flare Research. This sophisticated scheme involves recruiting unsuspecting companies to hire fake IT contractors or full-time technology staff, posing a significant threat to global security and economic stability.
The North Korean government has a vast network of approximately 100,000 fake IT workers generating $500 million annually. The fake IT workers are recruited through dodgy recruiters and often have minimal qualifications required for their jobs. They use counterfeit accounts or verified accounts linked to real individuals to gain employment at Western-based companies. Fake workers are successful in their roles, sometimes working with multiple people to produce work, as they gain access to the IT systems and promotions. To detect potential fake workers, employers should look out for warning signs like fake backgrounds, AI face changers, or discrepancies between resumes and interviews. Companies can use tools like OConnect and NetKey VPNs, and IP Messenger messaging application to detect potential fake workers. Verifying candidate identities through background checks and reference checks is crucial, as well as being wary of employees who are overly eager to take on new responsibilities or projects.
North Korea's estimated 100,000-strong army of fake IT workers has been generating approximately $500 million a year for the regime, according to researchers at IBM X-Force and Flare Research. This sophisticated scheme, which involves recruiting unsuspecting companies to hire fake IT contractors or full-time technology staff, has been shrouded in secrecy until now.
The report, titled "Inside the North Korean infiltrator threat," provides a detailed look into the top-level infrastructure used to manage these operations, as well as how workers apply for and secure IT roles. The researchers also outline mitigation strategies that companies can use to avoid falling victim to this scheme.
One of the most striking aspects of this operation is the sheer scale at which it operates. With an estimated 100,000 fake IT workers spread across 40 countries, this army poses a significant threat to global security and economic stability.
The fake IT workers are often recruited through dodgy recruiters who promise high-paying jobs with minimal qualifications required. Once hired, these workers are given a US-based identity to use, and are mentored in applying for employment at Western-based companies. They are then expected to have experience in full stack web app development, .NET, and WordPress.
The researchers found that fake North Korean IT workers often make use of counterfeit accounts or verified accounts linked to real individuals who may have unwittingly given the worker access. Once employed in a full-time role, fake workers are often very successful, as they sometimes have multiple people helping them to produce their work, with the hope of getting a promotion and gaining more privileged access to the IT systems.
The report also highlights the use of various tools associated with fake workers, including OConnect and/or NetKey, a known North Korean VPN, likely used to connect to internal networks in Pyongyang. Another tool is IP Messenger, or IPMsg, an open-source messaging application that does not require a central server, meaning it doesn't rely on centralized platforms operated by US companies such as Discord or Google.
To avoid falling victim to this scheme, employers can watch out for warning signs such as fake backgrounds, AI face changers, or AI voice changers during online interviews. They should also be wary of discrepancies between the candidate's resume and what they say in interviews, such as what languages they claim to speak and where they claim to reside.
Furthermore, companies can use a killer interview question to detect potential fake workers: ask them something like "How fat is Kim Jong Un?" If they are a North Korean, they will terminate the call instantly. This tactic has been previously reported by The Register.
The report outlines various mitigation strategies that companies can use to avoid falling victim to this scheme. These include warning signs such as fake backgrounds, AI face changers, or AI voice changers during online interviews. Employers should also be wary of discrepancies between the candidate's resume and what they say in interviews, such as what languages they claim to speak and where they claim to reside.
In addition, companies can use various tools to detect potential fake workers, including OConnect and/or NetKey, a known North Korean VPN, likely used to connect to internal networks in Pyongyang. Another tool is IP Messenger, or IPMsg, an open-source messaging application that does not require a central server, meaning it doesn't rely on centralized platforms operated by US companies such as Discord or Google.
The researchers also highlight the importance of verifying candidate identities through various means, including background checks and reference checks. Companies should also be wary of employees who are overly eager to take on new responsibilities or projects, as this could be a sign that they are working on behalf of a foreign entity.
In conclusion, North Korea's fake IT worker army is a sophisticated scheme that poses a significant threat to global security and economic stability. By being aware of the warning signs and using various tools to detect potential fake workers, companies can avoid falling victim to this scheme. It is essential for employers to take proactive measures to protect their businesses from these types of threats.
Related Information:
https://www.ethicalhackingnews.com/articles/North-Koreas-100000-Fake-IT-Worker-Army-A-Sophisticated-Scheme-to-Fund-the-Regime-and-Steal-Sensitive-Information-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/03/18/researchers_lift_the_lid_on/
https://www.cnn.com/interactive/2025/08/05/world/north-korea-it-worker-scheme-vis-intl-hnk/index.html
https://theweek.com/world-news/north-koreas-army-of-fake-it-workers
Published: Wed Mar 18 11:30:13 2026 by llama3.2 3B Q4_K_M
