Why North Korean Spies Are Taking Over American Remote Jobs
And More Importantly: What It Says About the Hermit Kingdom
Imagine you are an HR manager at a successful U.S. tech company looking to hire a highly qualified software engineer (U.S. based but remote). You advertise the role and among hundreds of applicants, one clearly stands out - an absolutely impeccable resume, U.S. citizen, shines in the interviews and his background checks come back spotless. The decision to hire them is a no-brainer.
But once they get access to your company’s systems, things start to get kind of strange. Suddenly malware gets uploaded on your servers, proprietary data is downloaded and siphoned off and then you get a call from the FBI: saying that your new employee is a North Korean spy and your data is now on its way to Pyongyang.
Now, as bizarre as that sounds and as much as it sounds like a plot from a bad cyber-thriller, it’s not fiction and the scenario described above is a reality that has been playing out in hundreds of U.S. (and increasingly European as well) companies over the past two years. According to the FBI and multiple cybersecurity firms, North Korean operatives have quietly infiltrated the American workforce, posing as freelance developers, remote engineers, and IT consultants. By using fake names, falsified documents, and stolen identities, they are able to pass background checks and because they tend to perform surprisingly well in interviews because well, they are actually solid software engineers.
The whole scheme is pretty smart - they infiltrate fake IT workers to make money both from their actual salaries (often they manage to hold down several remote jobs at once) and from funneling money and data out of the companies they work for. They operate through front companies and if needed, they set up laptop farms in the U.S. to make it look like they’re logging in from Arizona or Idaho. It’s estimated that almost every Fortune 500 company hired a fake North Korean remote worker in the past few years and that North Koreans have landed thousands of remote jobs in the U.S. alone.
Now, sure, unless you run a tech company that recently hired a suspiciously secretive remote worker, this doesn't directly concern you and it’s more funny than anything else. But in reality, it actually does tell us something deeper about North Korea itself and its survival strategy, its adaptability, and the paradoxes of how it functions. Because this seemingly bizarre trend actually fits perfectly with how North Korea operates and it’s the latest iteration of a very familiar playbook.
The thing is that most people’s idea of what North Korea is and how it acts as a geopolitical actor is not exactly accurate. We tend to see it as a bizarre, delusional and isolated “hermit kingdom” ruled by neo-monarchical Kim family that manages to survive by hermetically sealing off its country, holding everything together with an iron fist and running a country with a GDP per capita comparable to that of such economic powerhouses like Eritrea and Yemen.
And I mean, all of that is true, but at the same time, North Korea is also a lot more than that - and if it wasn't, its ruling regime would have never survived as long as it did. After all, despite holding the title of the most sanctioned country in the world for a long time (until it’s been recently overtaken by Russia), it manages to launch and operate satellites, intercontinental ballistic missiles and it’s punching way above its weight in cyberwarfare - all things that we probably wouldn't expect a country like North Korea to pull off, but it somehow does it anyway.
North Korean spy satellite Malligyong, launched in 2023
And that’s because while it might be delusional in some areas, it’s also consistently deeply pragmatic in how it approaches survival, and extremely good at finding and squeezing value from places most countries would never think to look.
What drives North Korean decision making are not values, long-term growth or international prestige. It focuses on one simple thing: regime survival. And it does that by identifying the one or two pressure points that can’t be ignored, and leaning on them hard - with its nuclear program is probably the clearest example of that.
North Korea never built nuclear weapons because it thought it could win a nuclear war, it built them because it knew it couldn’t win a conventional one. Nukes were the asymmetric answer to an overwhelming military disadvantage (North Korean military budget is estimated to be roughly 11 times smaller than that of South Korea without even including the U.S. troops permanently stationed on the peninsula): a way to neutralize superior forces by introducing risk that no one wanted to deal with. The goal wasn’t to become a global power but rather to make an invasion or external attempts to overthrow the regime permanently unthinkable.
Cyber operations in which North Korea has gotten extremely good at (according to IISS, North Korea’s cyber capabilities roughly match those of India, Iran or Japan) follow a similar logic. Like nuclear weapons, they offer an asymmetric advantage where with limited but focused resources you can get a capability that puts you in a league where you wouldn't otherwise have a chance to play in. Except instead of deterrence needed to shield the regime from external threat, the goal here is revenue - needed to save the regime from economic starvation.
North Korea doesn't have access to global financial markets, it can't export most of what it produces (and even if it could, I doubt that its products would be especially competitive), but it still needs hard currency to purchase stuff that it can't produce on its own. Hacking banks and crypto exchanges is a relatively cheap, low-risk way to generate income, and it’s been effective enough that the regime has continued to scale it up.
And when the war in Ukraine started, North Korea saw another opportunity. Russia needed weapons (and soldiers), and North Korea had warehouses full of old Soviet artillery (and one of the largest standing armies in the world). The trade wasn’t ideological, it was purely transactional, with munitions and manpower in exchange for money, oil, food, and possibly more advanced weapons systems. It’s a familiar pattern: find the weakness in the global system and push just hard enough to benefit from it without triggering a response that could actually threaten the regime. For all its isolation, North Korea has become very good at inserting itself into moments of geopolitical instability and making them work in its favor.
The remote job scam fits into this exact pattern. It’s not really some elaborate intelligence operation. All it requires is a stolen identity, a bit of scripting knowledge, and a company that doesn’t vet remote workers very carefully. The immediate goal is once again to acquire cash - the U.S. government estimates that as much as 90% of the earnings from these jobs go straight into state accounts. And like with everything else, the overarching goal to, in the end, keep the regime solvent just long enough to get through the next crisis.
North Korea has a very narrow definition of success - don’t collapse, keep the leadership alive and maintain some degree of leverage - and most of what it does is built around serving that goal with the tools it actually has. The fake remote jobs are just one more tool in that kit. And while it looks strange from the outside, it’s consistent with everything the regime has done for decades: identify an opening, exploit it until someone shuts it down, and move on to the next one.
And that, in the end, the fact that it's able to do that and that it’s gotten really good at it is a big part of why the regime is still here. After over 80 years, three generations of Kims, decades of isolation, and round after round of sanctions, North Korea continues to survive because it keeps finding small, often unexpected ways to extract value from it. And as long as the regime can keep identifying cracks like this and exploiting them just enough to stay afloat - it’s not going anywhere.