- Category
- Latest news
North Korea Is Using AI to Sneak Fake IT Workers Into Western Companies, Microsoft Warns
- Authors
![Photo of Ivan Khomenko]( "Photo of Ivan Khomenko")
North Korean operatives are increasingly using artificial intelligence tools to fraudulently secure remote jobs in Western technology companies.
According to Microsoft, individuals linked to the North Korean government have been applying for remote IT positions using fabricated identities and AI-assisted deception techniques.
We bring you stories from the ground. Your support keeps our team in the field.
After obtaining employment, the workers reportedly transfer their earnings to the North Korean state while maintaining access to corporate systems.
The scheme typically involves applicants submitting resumes for remote software development or IT roles under stolen or synthetic identities. In many cases, intermediaries located in the same country as the employer assist with establishing a local presence and facilitating the hiring process.
Artificial intelligence tools are used during several stages of the operation. Voice-modulation software is reportedly used during interviews to conceal accents and present applicants as candidates from Western countries.
Image-manipulation applications such as FaceSwap allow operators to insert faces into stolen identity documents and generate professional-looking profile photos for resumes.
The same tools are also used to build convincing digital identities at scale. Actors generate lists of culturally appropriate names and corresponding email addresses, then combine them with AI-assisted resumes and cover letters tailored to specific technology roles.
They also analyze job listings on platforms such as Upwork and other hiring websites to extract required skills and adapt applications to individual vacancies.
Microsoft reported that once hired, the workers continue using artificial intelligence tools to maintain the appearance of legitimate employment. AI systems assist with writing emails, translating internal communications, and generating code, allowing the operators to perform routine work tasks and avoid raising suspicion inside companies.
The activity is associated with several North Korean cyber groups tracked by researchers as Jasper Sleet and Coral Sleet. The operation appears to combine financial objectives with long-term access to corporate environments.
The company has previously disrupted infrastructure connected to the scheme, including thousands of email accounts used during recruitment and communication with employers.
Microsoft noted that artificial intelligence is increasingly being integrated across multiple stages of cyber operations, including reconnaissance, social engineering, and malware development. The same technologies can accelerate phishing campaigns, assist with vulnerability research, and help analyze stolen data after a breach.
Earlier, Newsweek reported that North Korean leader Kim Jong Un had reportedly given his daughter, Kim Ju Ae—believed to be around 13 years old—a leadership role within the country’s Missile Administration, the body responsible for overseeing Pyongyang’s nuclear forces, citing South Korean intelligence and a senior government official.
-7f54d6f9a1e9b10de9b3e7ee663a18d9.png)
