Vetted by NeuralPress's Multi-Agent Verifier for strict factual validity and event relevance. Our compliance engine cross-checks and filters search results to ensure zero false correlations or misleading content.
Primary Sources
North Korean IT Workers Use AI in Disguised Job Interviews
by Editor · April 4, 2026 NISOS collaborated with the FBI, sent Jo a laptop, and assigned remote tasks, uncovering a network suspected to involve at least 20 North Korean … NISOS collaborated with the FBI, sent Jo a laptop, and assigned remote tasks, uncovering a network suspected to involve at least 20 North Korean … Read More
North Korean IT Worker Used Stolen Identity, AI-Generated Resume in Job Scam
A recent investigation as exposed how a suspected North Korean IT worker allegedly used a stolen identity, AI-generated resume content, and scripted interview answers to try to secure a senior remote role at U.S.-based threat intelligence firm Nisos. The case highlights how DPRK IT employment schemes are evolving by combining traditional fraud with modern AI and remote access technologies. He used stolen personally identifiable information (PII), a newly created email address, and a VoIP phone number designed to match the claimed U.S. location. According to Nisos, the individual applied in June 2025 for a Lead AI Architect role, posing as a Florida-based senior full stack developer and AI specialist. Network indicators tied the applicant to IP addresses believed to belong to the Astrill VPN anonymization network, a service previously linked to North Korean remote IT worker activity. Investigators determined the resume was likely generated or heavily assisted by an AI chatbot. AI-Generated Resume The document mirrored the employer’s own job description, repeating long lists of skills and technologies, including programming languages, agentic AI tools, cloud platforms, databases, and OSINT tooling, directly lifted from the posting. List of skills in the Lead AI Architect role (Source : Nisos). The summary section also reused language about researching and evaluating emerging agentic AI technologies, suggesting automated content creation rather than authentic experience. During the virtual interview, Nisos analysts suspected the candidate was relying on an AI chatbot to answer questions in real time. The operative frequently looked away from the camera and repeatedly began answers with the phrase “How can I say?”, appearing to wait for scripted responses. When interviewers asked a fake question about a recent “hurricane George” in Florida a non-existent event the candidate still attempted to respond, reinforcing suspicions that he was reading generic AI-generated text rather than speaking from personal experience. Possible profile details of a DPRK operative’s resume account (Source : Nisos). Pre-employment OSINT uncovered three different resume platform profiles tied to the same name but with inconsistent locations, universities, and employment histories. All profiles appeared to reference the real addresses of an actual Florida resident, indicating that the operative had likely stolen that person’s identity. Nisos’ investigation showed the n...
Inside the scheme placing North Korean IT workers in U.S. firms
The Flare/IBM X-Force report, Inside the North Korean Infiltrator Threat, documents what daily life looks like for North Korean IT worker operatives. It describes the timesheets they keep, the slide decks they study, the fake LinkedIn profiles they build and the western collaborators they recruit to help them pass background checks.
North Korean remote worker scheme - Wikipedia
According to Mandiant (now part ... admitted to hiring at least one North Korean IT worker. SentinelOne, a cybersecurity firm, reported receiving approximately 1,000 job applications linked to North Korean operatives....
