- Category
- Latest news
North Korean IT Specialists Use Fake Identities to Infiltrate Tech Firms and Earn Millions
- Authors
![Amira_barkhush]( "Photo of Amira Barkhush")
North Korean IT specialists are “renting” the identities of foreign nationals to work for overseas companies on their behalf, gathering data and generating revenue for the regime’s budget.
This was revealed in an investigation published by Fortune on April 16.
According to the report, North Korea is systematically deploying its IT workers to earn foreign currency by operating on popular freelance and job search platforms such as LinkedIn, Fiverr, and Upwork. Since these platforms and many companies require identity verification, North Korean engineers reportedly often recruit foreign collaborators to pose as fake employees to pass the verification process.
Cybersecurity specialist Aidan Rainey posed as a collaborator, agreeing to work with North Korean operatives in order to uncover the inner workings of a scheme that, according to US government estimates, has generated hundreds of millions of dollars for Pyongyang.
-3e495585fff46b2c2b9fa03978a062bd.jpg)
The arrangement was simple—North Korean partners would handle most of the technical tasks remotely using access tools, while Rainey would manage the public-facing side, attending meetings and handling direct communication with employers.
To support the scheme, the North Korean operatives created a fake LinkedIn profile for Rainey and began applying for jobs. They also altered his photograph to make it look different from images of him already available online.
The character they crafted was portrayed as an experienced geographic information systems (GIS) developer. His portfolio included, among other projects, the successful development of an emergency services app that tracks ambulance locations in real time.
About four North Korean operatives, communicating with Aidan Rainey under the single alias “Ben,” were set to receive 70% of their earnings via cryptocurrency transfers, PayPal, or Payoneer.
“They handle essentially all the work,” Rainey said. “What they were trying to do was use my real identity to bypass background checks and things like that and they wanted it to be extremely close to my real-life identity.”
-a08c8f2980116518526f1c98d9bbae0c.png)
In addition to LinkedIn and Fiverr, platforms like Upwork, Guru, and Freelancer were also frequently used for such schemes. Front-end and back-end developers, software testers, and graphic designers were the most common professions involved.
The founder of identity verification company Hypr noted that social engineering tactics have evolved, with North Korean operatives and copycat criminal groups now leveraging public data and AI to refine their methods.
The “Ben” team even managed to pass a job interview with a private US government contractor. Using remote access, they typed answers into Notepad, which Rainey would then read aloud. The company offered a full-time, remote position with an $80,000 annual salary. Rainey ended the experiment after the offer, explaining he could not accept the job.
According to the US Department of the Treasury, North Korean IT workers generate hundreds of millions of dollars annually for the regime, with individual specialists earning up to $300,000 per year. Most of the funds evade international sanctions through complex networks of shell companies.
-21d0b63c17f6020e4df75f6c6f9a2f4f.jpg "Photo of Ivan Khomenko")
