- Nisos Uncovers Major DPRK Employment Fraud Campaign Embedding Operators in US Tech Companies
- 22 agents submitted more than 166,000 applications, landed more than 21,000 interviews and 76 job offers using stolen identities, AI tools and local stand-ins
- Targets were mostly software/data roles; the scheme mixed deception and AI tactics to collect wages and access systems, generating revenue for the regime
Security researchers have uncovered a massive North Korean operation aimed at getting state-sponsored operatives hired at US-based technology companies.
Nisos released an in-depth report detailing how the group used stolen identities, AI tools, remote access technologies and even locals to get hired.
Shockingly, the campaign resulted in 76 job offers, about 3.5 offers per agent.
Heavy use of AI
Nisos said the investigation started when a suspected North Korean operative applied for an external AI architect position with the company.
In cooperation with law enforcement, the company uncovered a 22-person cell that, between December 2024 and September 2025, submitted at least 166,893 job applications, resulting in more than 21,645 interviews with US companies.
The operation was well organized, Nisos said, with administrators, managers, team leaders, operators and more. Members communicated via Discord and used performance-tracking dashboards and identity brokers.
Each employee managed multiple hires at the same time and tracked various metrics such as number of applications submitted, interviews completed and offers received.
To increase their legitimacy, the fraudsters relied heavily on AI. They used AI-generated CVs, AI-assisted interview coaching as well as real-time response generation during interviews. In addition, they used voice training applications to improve their chances of securing the job, and when they had to appear in person or go through onboarding sessions, they brought local stand-ins who were later paid in ERC20 cryptocurrency (Ethereum).
Most of the time, they targeted software engineering, development and data-related roles (70%). Salaries for these positions ranged from $55,000 to $230,000.
“DPRK employment fraud has evolved into a highly organized and scalable operation that blends human deception, technical craft, and AI-enabled tactics,” said Ryan LaSalle, CEO of Nisos. “What makes this threat particularly worrisome is that these actors no longer rely solely on traditional cybercrime. They embed themselves in organizations, collect salaries, access systems and data, and generate revenue for the regime through seemingly legitimate employment.”




