- Nisos Uncovers Massive DPRK Employment Fraud Campaign Embedding Agents in U.S. Tech Firms
- 22 agents submitted more than 166,000 applications, landed more than 21,000 interviews and 76 job offers using stolen identities, AI tools and local replacements.
- The targets were primarily software and data roles; the scheme combined deception and AI tactics to collect wages, access systems and generate revenue for the regime
Security researchers have uncovered a massive North Korean operation to get state-sponsored agents hired at U.S.-based technology companies.
Nisos released a detailed report describing how the group used stolen identities, AI tools, remote access technology and even local replacements to get hired.
Surprisingly, the campaign resulted in 76 job offers, or approximately 3.5 offers per agent.
Extensive use of AI
Nisos said the investigation began when a suspected North Korean agent applied for a remote AI architect position at the company.
Working with law enforcement, the company uncovered a cell of 22 people who, between December 2024 and September 2025, submitted at least 166,893 job applications, landing more than 21,645 interviews with U.S. companies.
The operation was well organized, Nisos said, and had administrators, managers, team leaders, agents and more. Members communicated via Discord, used performance monitoring dashboards and identity brokers.
Each agent managed multiple job profiles at the same time and tracked different metrics such as the number of applications submitted, interviews completed, and offers received.
To appear more legitimate, the scammers relied heavily on AI. They used AI-generated resumes, AI-assisted interview coaching, and real-time response generation during interviews. They also used voice training apps to improve their chances of getting a job, and when they had to appear in person or participate in onboarding sessions, they used local replacements who were then paid in ERC20 cryptocurrency (Ethereum).
Most often, they targeted software engineering, development, and data roles (70%). Salaries for these positions ranged from $55,000 to $230,000.
“Employment fraud in the DPRK has become a highly organized and scalable operation that combines human deception, technical know-how and AI-based tactics,” said Ryan LaSalle, CEO of Nisos. “What makes this threat particularly concerning is that these actors no longer rely solely on traditional cybercrime. They embed themselves within organizations, collect salaries, access systems and data, and generate revenue for the regime through seemingly legitimate jobs.”





