North Korea’s Laptop Farm Scam: ‘Something We’d Never Seen Before’


North Korean hackers operated a “laptop farm” scheme that used fake identities to land remote US tech jobs and illegally collect $17.1 million in wages. The sophisticated scam is part of a broader effort to exploit global labor markets through cybercrime, according to US authorities.

Cybersecurity experts described the operation as “something we’d never seen before,” citing sophisticated tactics and custom-built programs that enabled the North Koreans to bypass detection systems and exfiltrate sensitive corporate data.

North Korean IT workers go undercover

According to federal court documents and a report from The Wall Street Journal, North Korean IT workers ran a covert operation in which they remotely controlled dozens of US-based laptops and used compromised identities to pose as job seekers in the US tech sector. They secured employment with American companies while operating from abroad.

Once hired, the “workers” funneled salaries — sometimes paid in cryptocurrencies or into domestic bank accounts — back to North Korea using proxy accounts and intermediaries. Authorities estimate the scheme siphoned off more than $17 million in wages intended for legitimate employees.

Several Americans unknowingly or willfully participated by setting up and maintaining laptop farms, receiving employer-issued hardware and managing employment documents. This domestic cooperation gave North Korean operatives direct access to corporate systems.

Stealing more than wages

North Korean hackers targeted more than just wages. By gaining access to US companies, they also gathered sensitive corporate data, internal communications, and proprietary information. Investigators found evidence of data theft for espionage and ransom, with one worker caught downloading employer files and sending them overseas, exposing businesses to serious security and financial risks.

As reported by the WSJ, Ryan Goldberg, an incident response manager at cybersecurity firm Sygnia, analyzed a seized laptop and found tools the cybercriminals used to spy on Zoom calls and quietly extract data. “The way they were employing remote control was something we’d never seen before,” Goldberg said.

North Korea’s global cyber espionage

North Korea’s strategy of infiltrating remote jobs is not limited to the US; the country’s IT workers have expanded their operations to target companies in the UK and Europe as well. More aggressive tactics are being deployed in these regions, with the hackers threatening to leak proprietary information if their contracts are terminated.

This evolving pattern highlights North Korea’s ability to adapt its cyber tactics across borders, turning the global remote work economy into a new frontier for illicit revenue and intelligence gathering.
