- Nisos uncovers major labor fraud campaign in DPRK involving agents at US tech companies
- 22 agents submitted more than 166,000 applications, secured more than 21,000 interviews and 76 job offers using stolen identities, artificial intelligence tools and local surrogates.
- Targets were primarily software/data roles; The scheme combined deception and artificial intelligence tactics to generate salaries and access systems for the regime’s revenue.
Security researchers have uncovered a massive North Korean operation aimed at recruiting state-sponsored agents at US-based technology companies.
Nisos released a detailed report detailing how the group used stolen identities, artificial intelligence tools, remote access technologies, and even premises to get hired.
Surprisingly, the campaign resulted in 76 job offers, approximately 3.5 offers per agent.
Intensive use of AI
Nisos said the investigation began when a suspected North Korean agent applied for a remote AI architect position at the company.
Working with law enforcement, the company discovered a cell of 22 people who, between December 2024 and September 2025, submitted at least 166,893 job applications and obtained more than 21,645 interviews with US companies.
The operation was well organized, Nisos said, and included administrators, managers, team leaders, operatives and more. Members communicated via Discord, used performance tracking dashboards, and identity brokers.
Each operative managed multiple job profiles at the same time and tracked different metrics, such as the number of applications submitted, interviews completed, and offers received.
To increase their legitimacy, scammers relied heavily on AI. They used AI-generated resumes, AI-assisted interview coaching, and real-time response generation during interviews. Additionally, they used voice training apps to improve their chances of getting the job, and when asked to appear in person or attend onboarding sessions, they brought in local substitutes who were then paid in ERC20 cryptocurrency (Ethereum).
Most of the time, they focused on software engineering, development, and data-related roles (70%). Salaries for these positions ranged from $55,000 to $230,000.
“Labor fraud in the DPRK has become a highly organized and scalable operation that combines human deception, technical artistry and artificial intelligence-based tactics,” said Ryan LaSalle, CEO of Nisos. “What makes this threat particularly concerning is that these actors are no longer relying solely on traditional cybercrime. They are embedding themselves in organizations, collecting salaries, gaining access to systems and data, and generating revenue for the regime through seemingly legitimate employment.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
