EXCLUSIVE: NORTH KOREA'S FAKE IT ARMY INFILTRATES US FIRMS, FUNDS MISSILES WITH YOUR PAYROLL
A massive, state-sanctioned fraud operation has been funneling American paychecks directly into North Korea's missile programs. In an explosive new action, the U.S. Treasury has sanctioned a network of six individuals and two entities running a global IT worker scheme, confirming that the regime is weaponizing the remote job market to bankroll its weapons of mass destruction.
Dubbed Coral Sleet and Wagemole, the scheme uses stolen identities, fake personas, and forged documents to place North Korean IT operatives inside legitimate U.S. companies. These workers, often posing as freelance developers, then divert a huge portion of their salaries back to the regime. This isn't just sanctions evasion; it's a direct pipeline from corporate HR departments to Pyongyang's launch pads.
But the threat goes beyond stolen wages. Once embedded, these operatives turn to classic cybercrime. Security analysts confirm they deploy malware to execute massive data breaches, steal proprietary secrets, and then launch ransomware attacks, demanding crypto payments under threat of leaking the stolen information. They hunt for any zero-day vulnerability to exploit.
"Their goal is twofold: steady illicit revenue and strategic intelligence gathering," a senior cybersecurity analyst involved in tracking the group told us. "They are not just employees; they are full-spectrum threat actors inside the network. A single successful phishing email can grant them the access they need to plant ransomware or exfiltrate data for years."
This matters because your company's next remote hire could be a front for a hostile nation. These operatives expertly use services like Astrill VPN, tunneling through U.S. nodes to appear as domestic workers while operating from China. They bypass firewalls and geo-blocks with ease, making a mockery of standard HR checks. Their presence is a ticking time bomb for a devastating data breach.
We predict a wave of follow-on sanctions and a major corporate reckoning as more victims discover the true origin of their "employees." Remote hiring protocols are now a critical national security vulnerability.
The era of freelance hacking has evolved. Now, the hackers are on your payroll.
