AIID editor's note: See the advisory PDF linked to in this report for the brief reference to AI use.

Today, the U.S. Departments of State and Treasury, and the Federal Bureau of Investigation, issued an advisory to alert the international c…

Seizures of Money and Infrastructure from Democratic People's Republic of Korea (DPRK) IT Workers Follows Successful Efforts to Empower Independent Private Sector Disruptive Actions

On Oct. 17, pursuant to a court order issued in the Easter…

IT Workers Infiltrated More than 300 U.S. Companies, Earning Millions

            WASHINGTON -- The Justice Department unsealed charges, seizures, and other court-authorized actions to disrupt the illicit revenue generation efforts of the D…

An Arizona woman participated in a scheme to help North Korean information technology workers pose as U.S. citizens so they could apply for remote work positions at Americans companies, federal prosecutors said Thursday as they unsealed cha…

*First of all: No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems. This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing with you…

A remote worker hired by KnowBe4 as a software engineer on its internal IT team was actually a persona controlled by a North Korean threat actor, the security firm revealed in a blog post Tuesday. 

Detailing a seemingly thorough interview p…

Defendant Used a "Laptop Farm" to Deceive Companies Into Thinking They Had Hired a U.S.-Located Worker

Matthew Isaac Knoot, 38, of Nashville, Tennessee, was arrested today for his efforts to generate revenue for the Democratic People's Repu…

A Nashville resident was arrested Thursday on charges of facilitating a remote IT-worker scheme that funneled hundreds of thousands of dollars to North Korea's illicit weapons program. 

Matthew Isaac Knoot, 38, allegedly assisted North Kore…

New KnowBe4 white paper provides advice on how organizations can protect themselves from this common hiring scam

KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it ha…

Strategic Overview of IT Workers

Since 2022, Mandiant has tracked and reported on IT workers operating on behalf of the Democratic People's Republic of Korea (DPRK). These workers pose as non-North Korean nationals to gain employment with o…

A company has been hacked after accidentally hiring a North Korean cyber criminal as a remote IT worker.

The unidentified firm hired the technician after he faked his employment history and personal details.

Once given access to the company…

New KnowBe4 training addresses critical security risks in hiring processes, sharing insights for other organizations to learn the pitfalls and avoid mistakenly hiring hackers

KnowBe4, the provider of the world's largest security awareness t…

Justice Department Continues Efforts to Seize the Illicit Proceeds of the Scheme

Note: View the indictment here and FBI Wanted Posters here.

A federal court in St. Louis, Missouri, yesterday indicted 14 nationals of the Democratic People's …

A federal court has indicted 14 more North Korean IT workers as part of an ongoing U.S. government campaign to crack down on Pyongyang's use of tech professionals to swindle American companies and nonprofits.

The Justice Department said the…

The U.S. Treasury Department announced sanctions Thursday against two individuals and four entities allegedly involved in generating revenue for North Korea through illicit remote IT workforce operations, the latest salvo in ongoing efforts…

Action is Latest Disruption of U.S.-Based "Laptop Farms" that Deceive U.S. Companies Into Hiring DPRK Nationals

Note: View the indictment here.

The Justice Department today announced the indictment of North Korean nationals Jin Sung-Il (진성일…

The U.S. government delivered another blow to North Korea's fake IT worker scheme Thursday, with the Department of Justice announcing indictments against five men for fraudulently obtaining remote credentials to work with American companies…

North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop. 

This swarm of technical Nort…

SAN FRANCISCO --- North Korean nationals have infiltrated the employee ranks at top global companies more so than previously thought, maintaining a pervasive and potentially widening threat against IT infrastructure and sensitive data.

"The…

On paper, the first candidate looked perfect. Thomas was from rural Tennessee and had studied computer science at the University of Missouri. His résumé said he'd been a professional programmer for eight years, and he'd breezed through a …

A seasoned cyberthreat expert has unconventional advice for hiring managers interviewing remote IT workers: Gauge candidates' willingness to insult the authoritarian supreme leader of North Korea.

"My favorite question is something to the e…

A growing number of the nation's top tech firms have hired remote information technology workers, only to discover that the employees were actually North Korean cyber operatives.

Their goal? Cashing in on top tech salaries to funnel million…

The young developers are having the time of their lives. They pop open bottles of sparkling wine, eat steak dinners, play soccer together, and lounge around in a luxurious private swimming pool, all of their activity captured in photos that…

Exposing DPRK:
Nation-State Threat Actors

North Korea's cyber threat operates more like an international criminal network than a traditional state-sponsored group. Discover the surprising motivations and intricate operations behind DPRK's c…