North Korean IT worker infiltrations explode, with GenAI weaponized at every stage of the hiring process

(Tumisu / Pixabay)

By Amanda Gerut • Aug 04, 2025

The number of companies that hired North Korean software developers grew a staggering 220% during the past 12 months—and most of their success is due to automating and optimizing the workflow involved in fraudulently obtaining and holding tech jobs, Crowdstrike’s 2025 Threat Hunting report released on Monday revealed. The IT workers infiltrated more than 320 companies in the past 12 months.

The North Korean IT worker scheme is a vast conspiracy to evade punishing financial sanctions on the Democratic People’s Republic of Korea due to authoritarian ruler Kim Jong Un’s human-rights abuses and relentless quest to develop weapons of mass destruction. To dodge the sanctions and make money to keep funding its nuclear program, North Korea now trains young men and boys in tech, sends them to elite schools in and around Pyongyang, and then deploys them in teams of four or five to locations around the world including China, Russia, Nigeria, Cambodia, and the United Arab Emirates.

The workers are each required to earn $10,000 a month, according to a defector, and have managed to do so by getting remote jobs doing IT work at U.S. and European companies while earning good salaries, court records show. Since 2018, the UN estimates, the scheme has generated between $250 million to $600 million per year on the backs of thousands of North Korean men.