North Korea Infiltrates Remote US Jobs to Fund Weapons

By Sarah Braithwaite on November 2, 2023

Executive Summary:

The Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ) have uncovered a sophisticated operation in which North Korea deployed thousands of IT workers to remotely infiltrate and work for US-based companies. These IT workers adopted fake identities and, in some cases, used stolen identification and Social Security numbers to secure employment in the US. The workers were deployed in countries like China and Russia, where they posed as freelance remote IT workers. To conceal their location, the workers paid Americans to use their home Wi-Fi networks to create the illusion that they were working from within the US. The investigation resulted in the seizure of $1.5 million in assets and 17 domain names associated with the operation. It was discovered that the earnings from these remote jobs were being used to fund North Korea’s weapons program and the North Korean Ministry of Defense. These IT workers also engaged in corporate espionage, infiltrating computer networks to steal information and maintain access for future hacking activities.

Technical Details:

North Korean IT workers were strategically deployed to China and Russia, posing as freelance IT professionals working remotely for U.S. companies. The IT workers used proxies to mask their actual location by rerouting their internet traffic through servers in the U.S. To further obscure their location and activities, some North Korean IT workers paid Americans to utilize their home Wi-Fi networks. Some went to the extent of compensating U.S. individuals to attend interviews on their behalf and engage in video conferencing with employers.

In one specific case, an American agreed to participate in this scheme, accepting financial compensation from a North Korean worker to purchase multiple laptops and leave them connected to their home Wi-Fi network. This allowed the North Korean worker to access these computers remotely, effectively masking their location. In exchange for this service, the American received a monthly payment of one hundred dollars per laptop. The American also received the payments for the freelance work into their personal American bank accounts, and these funds were later transferred to the North Korean worker.

To maintain credibility and legitimacy, North Korean IT workers created “portfolio websites.” These websites featured profiles of freelance IT professionals with fictitious portfolios of previous IT work. Communication among these operatives took place on platforms such as Slack, which is commonly used by remote IT professionals. Within these communication servers, there were discussions of false identities used to open accounts on payment and freelance platforms. Additionally, the IT workers used pseudo-email accounts and adopted personas on social media platforms to veil their identities and intentions.
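The laptop arrangement described above leaves a pattern an employer or freelance platform can look for: several supposedly unrelated workers connecting from one residential address, some of them paid into the same bank account. The following is an added example, not code from the article or from the FBI or DOJ; the record fields, the sample rows and the corporate egress list are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real data): one row per contractor session.
# Assumed fields: worker identity, device serial, public source IP, payout account.
SESSIONS = [
    {"worker": "w-alice", "device": "LT-1001", "src_ip": "203.0.113.24", "payout": "acct-7781"},
    {"worker": "w-bob",   "device": "LT-1002", "src_ip": "203.0.113.24", "payout": "acct-7781"},
    {"worker": "w-carol", "device": "LT-1003", "src_ip": "203.0.113.24", "payout": "acct-9902"},
    {"worker": "w-dave",  "device": "LT-2001", "src_ip": "198.51.100.7", "payout": "acct-3310"},
    {"worker": "w-erin",  "device": "LT-2002", "src_ip": "192.0.2.10",   "payout": "acct-4420"},
    {"worker": "w-frank", "device": "LT-2003", "src_ip": "192.0.2.10",   "payout": "acct-5530"},
]

# Assumed office/VPN exit addresses, where shared use is expected.
CORPORATE_EGRESS = frozenset({"192.0.2.10"})


def clusters(records, key, min_workers=2, ignore=frozenset()):
    """Map each value of `key` to the sorted workers sharing it (>= min_workers)."""
    seen = defaultdict(set)
    for r in records:
        if r[key] not in ignore:
            seen[r[key]].add(r["worker"])
    return {v: sorted(w) for v, w in seen.items() if len(w) >= min_workers}


def laptop_farm_candidates(records, min_workers=2):
    """Flag source IPs shared by several worker identities outside corporate egress."""
    by_ip = clusters(records, "src_ip", min_workers, CORPORATE_EGRESS)
    by_payout = clusters(records, "payout", min_workers)
    payout_sharers = {w for ws in by_payout.values() for w in ws}
    findings = []
    for ip, workers in sorted(by_ip.items()):
        devices = sorted({r["device"] for r in records if r["src_ip"] == ip})
        # Workers at this IP whose payout account is also used by another identity.
        shared_pay = sorted(payout_sharers & set(workers))
        findings.append({"src_ip": ip, "workers": workers, "devices": devices,
                         "shared_payout_workers": shared_pay,
                         "priority": "high" if shared_pay else "review"})
    return findings


if __name__ == "__main__":
    for finding in laptop_farm_candidates(SESSIONS):
        print(finding)
```

A hit is a lead for identity re-verification, not proof: households and co-working spaces also share addresses, so the threshold and the egress list need tuning per organization.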

Impact:

Employers, especially those hiring remote workers, now need to exercise heightened vigilance when assessing potential employees. The use of pseudo-email accounts, social media, and other platforms adds complexity to this situation, making it harder for companies to detect and prevent these infiltrations. The circumstances surrounding this case serve as a reminder of the importance of a comprehensive hiring process to protect against a wide range of sophisticated attacks. The COVID-19 pandemic has not only increased the reliance on remote work and technology, but it has also made these areas a target for malicious actors. In response to this landscape, organizations must harden their defenses and adopt a more attentive hiring process to prevent threats in the remote workspace.
