North Korean Spies Infiltrated Over 320 Companies via GenAI-Backed Remote Work Scams

Written by: Lore Apostol, Cybersecurity Writer

Over 320 companies have been infiltrated in the past year by Democratic People's Republic of Korea (DPRK) spies posing as remote IT workers, a staggering 220% increase from previous reports on state-sponsored threat actors.

Tactics Behind the Infiltration  

Operating under the pseudonym "Famous Chollima," these espionage agents leverage a mix of generative AI tools and deepfake technologies to fabricate resumes, work histories, and even appearances for remote interviews, CrowdStrike's latest report reveals.

By securing positions in U.S. and Western companies, they not only siphon corporate funds but also gain access to sensitive data, enabling subsequent data theft and extortion schemes. 

Figure: Interactive threat actor disruptions worldwide between July 2024 and June 2025 | Source: CrowdStrike

A simulation of a Famous Chollima attack was recently posted on Medium.

Scale and Implications  

While exact figures remain elusive, industry experts estimate that thousands of North Korean operatives are currently employed as remote workers in Western corporations. The consequences of such breaches extend beyond financial losses, potentially compromising intellectual property, trade secrets, and operational security.  

The U.S. Department of Justice has intensified efforts to disrupt these operations, targeting facilitators who manage "laptop farms" and other illicit schemes. 

Recent legal actions revealed that North Korean agents stole the identities of American citizens to trick over 300 U.S. companies into hiring them. The U.S. DoJ says the garnered funds are used to support North Korea’s sanctioned nuclear weapons program, valued in the billions. 

The CrowdStrike report emphasizes that companies should introduce stricter identity verification during the hiring process to fortify their defenses against remote work infiltration.

In April, TechNadu reported that the North Korean IT specialist scam expanded to Europe. A new Menlo Security report noted that the adoption of GenAI in cybercriminal operations is growing, as it’s leveraged for deepfakes and other purposes.
