AIID editor's note: See the advisory PDF linked to in this report for the brief reference to AI use.

Today, the U.S. Departments of State and Treasury, and the Federal Bureau of Investigation, issued an advisory to alert the international c…

Seizures of Money and Infrastructure from Democratic People's Republic of Korea (DPRK) IT Workers Follows Successful Efforts to Empower Independent Private Sector Disruptive Actions

On Oct. 17, pursuant to a court order issued in the Easter…

IT Workers Infiltrated More than 300 U.S. Companies, Earning Millions

            WASHINGTON -- The Justice Department unsealed charges, seizures, and other court-authorized actions to disrupt the illicit revenue generation efforts of the D…

An Arizona woman participated in a scheme to help North Korean information technology workers pose as U.S. citizens so they could apply for remote work positions at Americans companies, federal prosecutors said Thursday as they unsealed cha…

*First of all: No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems. This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing with you…

A remote worker hired by KnowBe4 as a software engineer on its internal IT team was actually a persona controlled by a North Korean threat actor, the security firm revealed in a blog post Tuesday. 

Detailing a seemingly thorough interview p…

Defendant Used a "Laptop Farm" to Deceive Companies Into Thinking They Had Hired a U.S.-Located Worker

Matthew Isaac Knoot, 38, of Nashville, Tennessee, was arrested today for his efforts to generate revenue for the Democratic People's Repu…

A Nashville resident was arrested Thursday on charges of facilitating a remote IT-worker scheme that funneled hundreds of thousands of dollars to North Korea's illicit weapons program. 

Matthew Isaac Knoot, 38, allegedly assisted North Kore…

New KnowBe4 white paper provides advice on how organizations can protect themselves from this common hiring scam

KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it ha…

Strategic Overview of IT Workers

Since 2022, Mandiant has tracked and reported on IT workers operating on behalf of the Democratic People's Republic of Korea (DPRK). These workers pose as non-North Korean nationals to gain employment with o…

A company has been hacked after accidentally hiring a North Korean cyber criminal as a remote IT worker.

The unidentified firm hired the technician after he faked his employment history and personal details.

Once given access to the company…

New KnowBe4 training addresses critical security risks in hiring processes, sharing insights for other organizations to learn the pitfalls and avoid mistakenly hiring hackers

KnowBe4, the provider of the world's largest security awareness t…

Justice Department Continues Efforts to Seize the Illicit Proceeds of the Scheme

Note: View the indictment here and FBI Wanted Posters here.

A federal court in St. Louis, Missouri, yesterday indicted 14 nationals of the Democratic People's …

A federal court has indicted 14 more North Korean IT workers as part of an ongoing U.S. government campaign to crack down on Pyongyang's use of tech professionals to swindle American companies and nonprofits.

The Justice Department said the…

The U.S. Treasury Department announced sanctions Thursday against two individuals and four entities allegedly involved in generating revenue for North Korea through illicit remote IT workforce operations, the latest salvo in ongoing efforts…

Action is Latest Disruption of U.S.-Based "Laptop Farms" that Deceive U.S. Companies Into Hiring DPRK Nationals

Note: View the indictment here.

The Justice Department today announced the indictment of North Korean nationals Jin Sung-Il (진성일…

The U.S. government delivered another blow to North Korea's fake IT worker scheme Thursday, with the Department of Justice announcing indictments against five men for fraudulently obtaining remote credentials to work with American companies…

WASHINGTON -- Christina Marie Chapman, 48, of Litchfield Park, Arizona, pleaded guilty today in U.S. District Court in Washington D.C. in connection with a scheme that assisted overseas IT workers---posing as U.S. citizens and residents---i…

North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop. 

This swarm of technical Nort…

AIID editor's note: Please contact Gartner for the full report.

Candidate fraud is rising as candidates adopt GenAI, submit fraudulent documents or hide their location. Recruiting leaders must deploy ID verification tools and strengthen scr…

The names on their résumés are usually ultra-American-sounding, like "Mike Smith" or "Thomas Williams." Their bios on social media, or the tech platform GitHub, are often generic-sounding but nevertheless emphasize deep experience in decent…

Executive Summary

Evidence suggests that North Korean IT workers are using real-time deepfake technology to infiltrate organizations through remote work positions, which poses significant security, legal and compliance risks. The detection …

RSAC Concerned a new recruit might be a North Korean stooge out to steal intellectual property and then hit an org with malware? There is an answer, for the moment at least.

According to Adam Meyers, CrowdStrike's senior veep in the counter…

SAN FRANCISCO --- North Korean nationals have infiltrated the employee ranks at top global companies more so than previously thought, maintaining a pervasive and potentially widening threat against IT infrastructure and sensitive data.

"The…

On paper, the first candidate looked perfect. Thomas was from rural Tennessee and had studied computer science at the University of Missouri. His résumé said he'd been a professional programmer for eight years, and he'd breezed through a …

A seasoned cyberthreat expert has unconventional advice for hiring managers interviewing remote IT workers: Gauge candidates' willingness to insult the authoritarian supreme leader of North Korea.

"My favorite question is something to the e…

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files.

NTT S…

A growing number of the nation's top tech firms have hired remote information technology workers, only to discover that the employees were actually North Korean cyber operatives.

Their goal? Cashing in on top tech salaries to funnel million…

Dive Brief:

• Chinese front companies are helping North Korean IT workers get jobs and evade international sanctions, according to a report from strategic intelligence firm Strider Technologies.
• Firms affiliated with the Chinese government h…

The young developers are having the time of their lives. They pop open bottles of sparkling wine, eat steak dinners, play soccer together, and lounge around in a luxurious private swimming pool, all of their activity captured in photos that…

Most business owners put at least some effort into defending themselves from the increasing risks of cyberattacks, ransomware demands, and fraud schemes run by fake job applicants. Now they're getting warnings from security experts about th…

Exposing DPRK:
Nation-State Threat Actors

North Korea's cyber threat operates more like an international criminal network than a traditional state-sponsored group. Discover the surprising motivations and intricate operations behind DPRK's c…

Christina Chapman looked the part of an everyday American trying to make a name for herself in hustle culture.

In prolific posts on her TikTok account, which grew to more than 100,000 followers, she talked about her busy life working from h…

AIID editor's note: Please contact Gartner for the full report.

Candidate fraud — driven by GenAI use — is on the rise, but most HR platforms still lack detection tools. As talent quality pressures grow, recruiting leaders need a more resil…

The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT wor…

A new cyber attack campaign by North Korea-linked group BlueNoroff has come to light, targeting a Web3 industry employee through deepfake Zoom calls and macOS malware. Security researchers say the incident reflects growing sophistication in…

AI tools such as chatbots, deepfake software, and fake ID generators have helped criminals automate and expand the process of carrying out crypto scams and other related crimes, according to 'The state of crypto scams 2025' report by blockc…