North Korean IT Workers Using AI to Trick Firms into Remote Jobs

Cybersecurity experts have warned that North Korean IT workers are increasingly using generative AI to fraudulently secure jobs at Western tech companies, with earnings funnelled directly to the regime in Pyongyang.

 

Research by identity and access management company Okta has uncovered a growing pattern of AI-assisted deception among job applicants believed to be linked to the Democratic People’s Republic of Korea (DPRK). These individuals, often based in China or Southeast Asia, are using AI tools to pose as legitimate remote workers, often securing roles in the United States and Europe.

 

The tools help create convincing fake identities, generate CVs and cover letters, and coach candidates through interview processes. Some even use AI-generated deepfakes and voice translation tools during live interviews.

 

"Facilitators rely on GenAI tools to help underqualified, non-native English speakers hold technical roles and send earnings back to North Korea," Okta said. “Even short-term roles, scaled with automation, present a lucrative opportunity.”

 

Okta found that some applicants used automated CV testing services to optimise their chances with recruitment software, while others employed AI tools to manage multiple identities, schedule interviews, and even critique webcam performance or scripted interview answers.

 

US authorities have said the operation may have netted hundreds of millions of dollars for the DPRK, some of which is believed to fund weapons development. Individuals linked to North Korea’s Munitions Industry Department have been indicted.

 

Coinbase CISO Jeff Lunglhofer confirmed the threat is on the radar of many major companies. “We’ve introduced strict screening and in-person verification to combat this kind of threat,” he told Recorded Future News.

 

Okta has added ID verification capabilities to its platform to help firms spot and stop fraudulent hires before damage is done.