Overview
- CrowdStrike recorded a 220% year-over-year surge in incidents, investigating more than 320 cases of North Korean operatives obtaining remote IT positions over the 12 months ending June 30.
- Operatives relied on generative AI at every stage—from forging resumes and deepfaking video interviews to automating daily coding tasks—to avoid detection and manage multiple jobs.
- The scheme has expanded beyond the United States into Europe, Latin America and other regions, with new “laptop farms” established to facilitate remote work under false identities.
- The U.S. Department of Justice has prosecuted U.S.-based facilitators and seized laptop farms, including one operation that stole 80 American identities to place operatives at over 100 companies.
- Security experts warn that as AI-powered tactics outpace traditional defenses, companies must strengthen identity verification and enforce strict need-to-know access controls to counter the threat.