How North Korean IT Workers Operate Globally
“Western companies secretly hire thousands of North Korean IT workers abroad, generating massive income for the regime. These workers pose as remote freelancers, using fake identities to access platforms and jobs in countries like the US, UK, and across Europe.
One defector, who formerly worked in this scheme, revealed how he earned up to $5,000 a month—sending as much as 85% back to the North Korean government. His story unveils the inner workings of a covert digital operation that generates between $250 million to $600 million annually.
Inside the Secret Scheme of North Korean IT Workers
Many of these workers operate from countries like China, Russia, or various regions in Africa. Though still under surveillance, they have more internet access than in North Korea, allowing them to interact with job platforms, clients, and collaborators abroad.
How North Korean IT Workers Fake Identities to Get Hired
To bypass sanctions and raise salaries, IT workers often use layers of stolen or borrowed identities. They first pose as Chinese nationals, then acquire identities from individuals in Hungary, Turkey, or the UK. This allows them to appear as Western freelancers and apply for better-paying jobs in Europe and America.
Some workers use advanced AI tools to mask their accents or even digitally alter their appearance during interviews. Most communications occur via platforms like Slack, making deception easier.
Not Just Coding – Sometimes Cybercrime
Although the primary goal is steady income for the regime, some IT workers go further—stealing data, hacking companies, or demanding ransom. Several have been indicted in the US for fraud and crypto crimes.
Recent legal cases reveal that individuals in the West—sometimes unknowingly—facilitate these operations by helping workers secure jobs or launder payments.
What Hiring Managers Are Seeing
Recruiters in the cybersecurity and software sectors are becoming more aware of the trend. Some report encountering dozens of suspicious candidates during hiring rounds. Organizations now use techniques like daylight video calls and background verification to identify potential fraud.
A notable red flag is candidates who refuse video calls, provide inconsistent documentation, or apply using freshly created LinkedIn accounts with limited interaction.
Life Under the Regime—and Abroad
IT workers may earn more abroad than the average citizen in North Korea, but their lives remain tightly controlled. Many live in confined housing, cannot go out freely, and endure constant surveillance from state minders.
Still, exposure to the outside world gives some a glimpse of freedom. A few brave individuals, like the defector quoted above, risk everything to escape the system—even if it means leaving their families behind and facing danger.
Why It Continues
The North Korean government has long relied on foreign labor to generate cash. This digital version is harder to trace and more profitable, especially with the boom in remote work. Despite international sanctions, the demand for IT talent keeps growing, giving cover for continued infiltration.
What Can Be Done?
Governments, cybersecurity firms, and employers are increasingly collaborating to stop this activity. Suggestions include:
- Better verification processes for remote hires
- Education for HR teams to detect red flags
- Sanctions enforcement against known facilitators
- Global cooperation on identity fraud detection
A Hidden Threat in Plain Sight
The story of North Korean IT workers abroad is a cautionary tale about how easily international systems can be exploited. While many of these individuals are simply trying to survive, their labor fuels a repressive regime—and the world must take notice.
