North Korean AI-Backed Remote Work Infiltrations Surge 320 Cases Globally

CrowdStrike's 2025 Threat Hunting report reveals a dramatic 220% increase in North Korean operatives infiltrating global companies by securing remote IT jobs under fake identities, with over 320 incidents investigated in the past year. These workers, referred to as "Famous Chollima," use generative AI tools to create fake resumes, deepfake video appearances, and manage multiple jobs simultaneously, enabling them to evade detection and perform technical tasks despite language barriers. Their employment at Western, European, Latin American, and other companies helps fund North Korea's sanctioned nuclear weapons program, generating hundreds of millions annually. The scheme not only provides revenue but also facilitates data theft and potential extortion targeting the victim companies. CrowdStrike recommends enhanced identity verification during recruitment as a key defense, while some firms have experimented with unusual measures like requiring candidates to denounce North Korean leadership to identify spies. This widespread infiltration highlights evolving employment-fraud tactics that have impacted thousands of companies, including Fortune 500 firms, and underscores the global scale of North Korea's cyber-enabled financial operations.