Turns out, your new remote dev might be a North Korean state asset. No, really. CrowdStrike just dropped a report that should jolt every HR team wide awake: the cybersecurity firm tracked over 320 cases of North Koreans posing as remote IT workers over the past year, a whopping 220% spike from the year before. These aren’t just side hustlers in disguise. They’re part of a full-blown regime-backed scheme to fund North Korea’s nuclear weapons program, all while stealing sensitive data and opening the door to ransomware attacks.
They go by CrowdStrike’s codename “Famous Chollima,” and they are slick. These fake freelancers use AI to write resumes that check all the boxes, and in some cases, even use deepfake videos to ace remote interviews. It is like the Tinder Swindler meets LinkedIn, but with geopolitical stakes.
The scary part? Many of them are getting hired by U.S. companies. Despite sanctions that explicitly forbid doing business with North Korean nationals, companies continue to fall for well-polished online profiles, fictional job histories, and virtual charm. Some estimates suggest thousands of North Korean IT workers are quietly embedded in Western tech firms, earning paychecks and siphoning off secrets.
Related: Rune Raises $24M to Bring AI to Military Logistics.
And while the scheme is not brand new, the tactics are evolving fast.
In some rare cases, crypto companies have gotten creative with their vetting, reportedly asking job candidates to insult Kim Jong Un in interviews. (Yes, seriously.) The logic? North Koreans are so heavily monitored, even whispering criticism of their leader could expose them and put them at risk.
Meanwhile, the U.S. Department of Justice has started cracking down on stateside collaborators. Their latest target: “laptop farms”, racks of U.S.-based computers operated remotely by North Koreans to appear as if they are working domestically. One DOJ indictment claims North Koreans stole the identities of 80 Americans to land jobs at over 100 U.S. companies between 2021 and 2024.
CrowdStrike says the solution starts with better ID verification during the hiring process. AI may be leveling the playing field for job seekers, but in this case, it is also enabling one of the most ambitious cyber-espionage funding schemes on record. So next time you are onboarding a remote developer, maybe double-check that they are not working for Kim Jong Un.
