North Korean AI Scammers Target European Companies
North Korean IT operatives are increasingly leveraging artificial intelligence (AI) to infiltrate European companies, posing as remote workers to generate revenue for the Kim Jong Un regime. This tactic, previously employed against over 300 U.S. Companies, is now expanding its reach, raising alarms among cybersecurity experts.
The Rise of ‘Fake Workers’
A growing “mini army” of North Korean IT operatives is utilizing AI to create convincing online personas and secure remote jobs at major European firms Financial Times. These operatives are disguising themselves as legitimate workers to infiltrate companies and collect wages, a scheme driven by the North Korean regime’s need for foreign currency.
Methods of Deception
The operatives employ a variety of sophisticated techniques, heavily reliant on AI:
- Identity Fabrication: They hijack dormant LinkedIn accounts or purchase access from account holders to establish a presence.
- Fraudulent Documentation: Fake resumes and identity documents are created.
- AI-Powered Avatars & Deepfakes: AI is used to generate realistic digital avatars and deepfake technology for video interviews El-Balad.
- Natural Language Generation: Large language models are used to generate culturally relevant names, email formats, and written communication, avoiding detection El-Balad.
- Voice Modification: Some operatives use voice modification technology to mask accents during interviews.
Expanding Operations and Technological Advancement
Between 2020 and 2024, North Korean agents infiltrated more than 300 U.S. Companies, earning at least $6.8 million (approximately 10 billion won) El-Balad. The scheme has now spread to Europe, with reports of “laptop farms” being established in the UK to enhance their reach El-Balad.
Microsoft’s threat intelligence team has identified groups linked to North Korea, including Jasper Sleet and Coral Sleet, as being actively involved in this job fraud AIDIRECTORY. AI is utilized throughout the entire process, from generating believable profiles to drafting emails, translating documents, and even writing code to maintain the illusion of a legitimate employee AIDIRECTORY.
Company Responses and Security Concerns
Companies are beginning to recognize the threat. Amazon security chief Stephen Schmidt reported blocking recruitment attempts from over 1,800 individuals suspected of being North Korean agents since April 2024, specifically targeting AI and machine learning roles CyberScoop. Microsoft has also blocked approximately 3,000 Outlook and Hotmail accounts linked to this activity in 2025 AIDIRECTORY.
Some operatives have even threatened to leak company data if terminated, highlighting the potential security risks AIDIRECTORY.
Looking Ahead
The increasing sophistication of North Korean operatives, coupled with the rapid advancement of AI technology, presents a significant and evolving cybersecurity challenge for companies across Europe and the United States. Enhanced hiring procedures, increased vigilance, and proactive threat intelligence are crucial to mitigating this risk.
Keep reading