Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

Monday, May 19, 2025

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at a scale previously underestimated, creating a pervasive threat to IT infrastructure and sensitive data worldwide.

Security experts revealed at the RSAC 2025 Conference that the infiltration extends across virtually every major corporation, with hundreds of Fortune 500 companies unknowingly employing North Korean technical workers, raising serious concerns about potential security breaches and data theft.

Infiltration Reaches Epidemic Proportions

“There are hundreds of Fortune 500 organizations that have hired these North Korean IT workers,” warned Charles Carmakal, Mandiant Consulting CTO, during a media briefing on Tuesday.


The problem has reached such alarming levels that “literally every Fortune 500 company has at least dozens, if not hundreds, of applications for North Korean IT workers,” according to Carmakal.

Even more concerning, almost every Chief Information Security Officer interviewed has admitted to hiring at least one North Korean IT worker, with many confirming dozens have infiltrated their ranks.

Even tech giant Google has detected North Korean technical workers in their talent pipeline as job candidates and applicants, though the company reports none have been hired to date. Iain Mulholland, senior director of security engineering at Google Cloud, emphasized the universality of the threat:

“If you’re not seeing this, it’s because you’re not detecting it, not because it’s not happening to you.”

Insider risk management firm DTEX corroborated these findings, reporting that 7% of its customer base, representing a cross-section of the Fortune 2000, has been infiltrated by North Korean operatives working as full-time employees with privileged access.

Evolving from Fundraising to Extortion

Initially, these North Korean operatives primarily focused on legitimate employment to generate funds for the regime in Pyongyang.

“Most of this activity is generally a fundraising activity,” explained John Hultquist, chief analyst at Google Threat Intelligence Group.

The revenue potential is substantial: a thousand IT workers earning six-figure salaries could generate approximately $100 million annually for the North Korean government, with many operatives simultaneously working multiple jobs at different organizations.

However, Mandiant observed a tactical shift approximately six months ago as companies became more vigilant in detecting and removing these operatives. In response, some North Korean workers have begun extorting their former employers, threatening to leak sensitive data if final payments or bonuses aren’t released.

While these extortion cases represent “a very small percentage” of incidents, according to Carmakal, they signal a concerning evolution in tactics that could potentially escalate to publishing stolen data online.

Security Experts Warn of Elevated Risks

The potential consequences extend far beyond financial losses, with security experts warning of possible disruption to critical services and infrastructure.

“When they start getting rooted out, it can sort of break bad on you and then start breaking things,” cautioned Hultquist. Technical connections between these IT workers and North Korea’s Reconnaissance General Bureau, previously linked to destructive cyberattacks, raise additional concerns about escalation.

Sandra Joyce, VP of Google Threat Intelligence, expressed astonishment at the sophistication of the operation: “The way that we’ve watched them put IT workers in Fortune 500 companies has been astounding.”

The privileged access these operatives gain as legitimate employees creates a particularly dangerous scenario, effectively giving them an “in-house” position from which they could potentially transfer access to North Korean intelligence services.

As organizations scramble to identify and remove these infiltrators, the case underscores a critical vulnerability in global hiring practices and the increasingly sophisticated methods employed by nation-state actors to bypass traditional security measures.


Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
