North Koreans Using Fake Identities to Work Remotely in US and Europe
North Korean operatives have been using fake or stolen identities to work remotely in the US and Europe, gaining access to corporate and military secrets to financially support the Pyongyang regime, according to newly unsealed indictments in the US.
US prosecutors have revealed that thousands of North Korean tech workers, trained by the regime, have infiltrated companies worldwide using fake or stolen identities. These operatives are reportedly stealing corporate secrets and military technology to generate revenue for the sanctions-hit North Korean government.
According to The New York Times, federal prosecutors in Massachusetts and Georgia have unsealed two indictments that detail how North Korea has used this access to both steal money and sensitive information.
Massachusetts US Attorney Leah Foley stated, “Thousands of North Korean cyber agents have been trained and deployed by the regime to blend into the global workforce.” Foley emphasized that the threat is “real and imminent.”
In response, US law enforcement agencies have conducted operations in 16 states, seizing dozens of financial accounts and fraudulent websites. Authorities also raided “laptop farms” that provided North Korean workers with access to company-provided computers for remote work.
Financial Impact and Military Secrets
Prosecutors estimate that North Korea has generated $5 million in revenue through these operations while causing $3 million in damages and expenses to US businesses. Some of the stolen information reportedly includes sensitive military technology.
Focus on Crypto Sector
In a separate case unsealed in Georgia, four North Koreans were charged with theft and money laundering. The scheme involved $900,000 in cryptocurrency, with North Korean operatives using fake identities from Malaysia and working from the United Arab Emirates (UAE).
The indictment revealed that the defendants had sought jobs in the crypto sector, including at an Atlanta-based company. One of the suspects was found to be working for a Serbian company. The stolen cryptocurrency, worth approximately $1 million, was allegedly laundered by accomplices.
Expanding Operations in Europe
A report by Google’s Threat Analysis Group in April highlighted that North Korea’s operations have expanded geographically, with a particular focus on Europe. The report found that a North Korean operative had at least 12 fake personas in the US and Europe by the end of 2024, seeking jobs in defense companies or government agencies using fake references.
North Korean workers have also been discovered working for companies in Portugal, Germany, and the UK.
