Unmasking the Deception: North Korean IT Workers Infiltrate Western Tech Companies

At first glance, everything seemed flawless—the resume, the technical skills, the confident completion of the test assignment. But when British entrepreneur Simon Wijkmans joined a video call with a candidate named Thomas, he was greeted by a young man of Asian appearance, speaking with a heavy accent and plagued by suspiciously poor internet connectivity. Background noises suggested he was in a dormitory or call center. Though he answered questions with composure, his main focus was salary. Too many coincidences—and too little genuine interest in the work itself.

Later, another candidate betrayed himself even more blatantly: in the reflection of his glasses, Wijkmans spotted a chat window, raising immediate suspicion of external assistance. A review of applicant data confirmed his growing unease. His job posting for a full-stack developer had attracted hundreds of eerily similar profiles—many of them accessing the site via VPNs. As it would later turn out, this was not a case of flawed recruitment, but part of a large-scale scheme to embed North Korean IT workers into Western companies.

The operation behind this deception is staggering in both scale and audacity. For several years, North Korea has been systematically training teams of IT specialists, often stationing them abroad. These operatives seek remote work in the U.S., Europe, and Japan, forging résumés, using stolen or fictitious identities, and even deploying AI to pass interviews and technical assessments. Once hired, the operative requires a “representative” located in the target country—a role filled by American citizen Kristina Chapman.

Once living in a trailer in Minnesota, Chapman had, by 2022, relocated to a four-bedroom house in Arizona. She became a pivotal figure in the network—producing counterfeit documents, receiving salaries, transferring funds overseas, and most importantly, managing a so-called “laptop farm.” Each fake employee had corporate hardware shipped to her address, where she would install remote access tools. The real operators, often working from Pyongyang or Shenzhen, appeared in company systems as employees logging in from Ohio.

Her TikTok and YouTube videos occasionally featured racks of laptops, each tagged with sticky notes bearing names and company labels. It was this digital breadcrumb trail that led U.S. intelligence agencies to uncover a sprawling scheme involving over 300 companies, including telecom giants, automakers, IT corporations, and defense contractors. Chapman is alleged to have funneled over $17 million through her hands—most of which, according to the indictment, ultimately found its way to North Korea.

And these cases are multiplying. In Tennessee, 38-year-old Matthew Knuth is set to stand trial for orchestrating a similar operation. In Poland, authorities arrested Oleksandr Didenko, who built a platform for recruiting fake IT professionals. In January 2025, Florida prosecutors charged two Americans and their North Korean accomplices for running fictitious staffing agencies through which North Korean operatives infiltrated 64 companies.

Such operations are made possible by North Korea’s systemic approach to workforce development. According to South Korean intelligence, the country’s cyber divisions swelled to 8,400 members by 2024. The most promising students are funneled into elite units where they study foreign languages, programming, and social engineering tactics. These operatives are then deployed abroad, often living 10 to 20 per cramped apartment, working up to 14 hours a day under the strict supervision of handlers. Each is bound by strict financial quotas, with relatives in North Korea held as collateral to prevent defection.

The financial return on these operations is astonishing. Estimates suggest a single team can generate up to $3 million annually—funds that help sustain Kim Jong-un’s regime, including its nuclear ambitions. Cryptocurrency theft is another lucrative channel: in 2022, $600 million was siphoned from the Axie Infinity project; in February 2025, $1.5 billion vanished from the Bybit exchange.

Fake employees can remain embedded within companies for years without arousing suspicion—though sometimes a single day is enough to plant malicious code, gain access to internal systems, or install a stealthy backdoor. Modern tools such as deepfakes, AI, and virtual assistants have made identity forgery more seamless than ever, while platforms like ChatGPT now enable candidates to pass even complex technical interviews.

Employers are beginning to fight back. Some now deploy bait pages with fake tests that trigger dozens of pop-ups featuring escape-from-North-Korea messaging, dramatic music, and blaring alerts—at the very least, to ruin the imposter’s day. But as Wijkmans admits, these are acts of desperation.

Meanwhile, somewhere across the globe, another “Harry” or “Daniel” is logging into their team’s morning stand-up—and may already be working on your next project.