The North Korean Threat Hiding in Hiring

North Korea’s latest threat to U.S. institutions doesn’t arrive through missiles or malware. It shows up as a job candidate.

In a recent ProSight article, bank fraud executive Cara Wick describes how the Democratic People’s Republic of Korea (DPRK) is exploiting global demand for technical talent by placing highly skilled North Korean nationals into U.S. companies while posing as American citizens. These roles are often remote, well paid, and grant access to sensitive data—exactly the combination the DPRK targets.

The scale is sobering. According to Axios, nearly every Fortune 500 company has unknowingly hired a DPRK operative. CrowdStrike investigated more than 300 incidents in the past year, and even cybersecurity firms like KnowBe4 have been affected. In December 2024, the Department of Justice indicted 14 North Korean state-sponsored scammers. One month later, it named 64 victimized companies, including a U.S. financial institution.

“This is just the tip of the iceberg,” said Ashley T. Johnson, special agent in charge of the FBI’s St. Louis Field Office.

The cybersecurity risk is clear. Regulatory guidance issued in 2022 warned that DPRK IT workers use privileged access to enable malicious cyber intrusions. The FBI has reported cases where U.S. company laptops were shipped overseas or traced to North Korean-controlled laptop farms.

The compliance exposure is less obvious—but serious. Salaries paid to DPRK workers support the regime’s weapons of mass destruction and ballistic missile programs, creating sanctions risk. When banks fail to detect funds routed to the regime, they also risk violating the Bank Secrecy Act.

There are controls that can help. The article emphasizes that banks don’t need complex solutions to reduce exposure. Practical steps include:

• Train hiring teams to recognize red flags. Misspellings, odd addresses, or résumés that appear unusually “perfect” can all be warning signs.
• Strengthen interview controls. Require video to be on, listen for unusual background noise, and if something feels off, ask the candidate to point the camera out a window—Wick notes that some workers may be operating in crowded rooms alongside other forced laborers.
• Verify identity rigorously. Mandate in-person drug tests or fingerprinting, and confirm education and employment directly with institutions. In one case cited, a fraudster had stolen the identity of a deceased U.S. citizen.
• Test for deepfakes. Ask a candidate to wave a hand in front of their face—such a motion can expose AI-generated video failures.

The bottom line: Remote work has undeniable benefits—but the risk calculus has changed. “The potential risk from even one minute of access to systems is almost unlimited,” Declan Cummings, head of engineering at Cinder, told Wired. The OCC has put institutions on notice. It’s important to stay mindful of the risk in hiring talent you may not ever meet in person.

For more on how banks can close gaps criminals exploit across siloed defenses, register for the Feb. 24 webinar “Integrating Cyber and Fraud Teams To Defend as One.”