North Korea’s fraudulent IT worker schemes have expanded to target nearly every industry that hires remote employees, according to researchers at Okta.
“While public reporting has primarily focused on DPRK nationals targeting software development roles at major US technology companies, our analysis shows that this threat is not limited to the tech sector, nor the US,” the researchers write.
“North Korean IT Workers (ITW) now pose a real threat to a wide range of industries. Impacted industries include finance, healthcare, public administration, and professional services across a growing number of countries. This widespread scheme aims to gain illicit employment and — in some cases — steal sensitive data.”
Okta has observed North Korean operators attempting to obtain remote employment at thousands of companies. Half of these companies were in non-tech industries, such as finance, healthcare, public administration, and professional services.
“Using a combination of internal and external data sources, Okta Threat Intelligence tracked over 130 identities operated by facilitators and workers participating in the DPRK ITW scheme,” the researchers write. “We linked these actors to over 6,500 initial job interviews across more than 5,000 distinct companies up until mid-2025.”
The report notes that Pyongyang’s expansion of these activities indicates that the operations have been successful and lucrative enough to warrant additional effort.
“Okta Threat Intelligence observed examples of DPRK-linked actors progressing through multiple interviews for the same roles. While we are not privy to every organization’s hiring and onboarding processes, evidence of post-onboarding corporate activities was observed in multiple organizations across different verticals, supporting the theory that a broad, ‘scatter-gun’ approach to job application and interviewing has been successful enough to make it a worthwhile endeavour for the DPRK regime to continue and expand.”
The researchers conclude, “It’s essential that organizations in all industry sectors and countries are made aware that DPRK-linked actors have applied or are likely to apply for advertised remote technical roles and to implement the crucial extra steps required to make their organization a harder target.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Okta has the story.
