North Korean Spies Are Infiltrating Influential US Companies By The Thousands: Report

North Korean spies are reportedly using stolen identities and photos generated by artificial intelligence to land high-paying, remote jobs at U.S. companies.

The scam allegedly allows Pyongyang's operatives to steal intellectual property, launch cyberattacks and make millions of dollars that help fund Kim Jong Un's weapons program, according to the Wall Street Journal.

Hundreds of businesses have been duped, including a major TV network, a Silicon Valley tech company, an aerospace and defense contractor, an automaker and a luxury retailer.

At least three failed attempts were reportedly made to insert spies posing as information technology workers into two government agencies.

But researchers at Google's Mandiant cyber defense division were stunned by how many had been actually hired elsewhere, with the Journal estimating that thousands were potentially put on American payrolls in recent years.

"Once we peeled back these onion layers, we realized that these IT workers are everywhere," Mandiant analyst Michael Barnhart said in a stunning report Thursday.

North Korea's diplomatic mission at the United Nations didn't respond to a request for comment, the Journal said.

One alleged spy was hired by KnowBe4, a cybersecurity company in Clearwater, Florida, after posting an online resume with an AI-generated photo of himself based on a stock image from the internet, the company said.

The man, identified only as "Kyle," was flagged by a jobs website site for his fluency in the computer language needed for the role at KnowBe4 and was interviewed over Zoom, CEO Stu Sjowerman said.

"He was being open about strengths and weaknesses, and things he still needed to learn, career path ideas," Sjouwerman told the Journal. "This guy was a professional interviewee who had probably done this a hundred times."

During his first day at work, "Kyle" attempted to deploy malware that tripped internal security alarms and led the company to figure out he was an imposter and alert the FBI, the Journal said.

Another company, tech startup Cinder, said it began receiving dozens of fraudulent applications to join its remote workforce in early 2023, with about 80% believed to be North Korean spies.

During one virtual interview, Cinder executive Declan Cummings mentioned that the company's co-founders were former Central Intelligence Agency officers — prompting the job-seeker to immediately log off and disappear.

"Out of all the companies that these people could apply to, they are applying to a company run by ex-CIA people and a North Korea expert," said Cummings, who speaks Korean and has done volunteer work with North Korean defectors. "I don't think that we were uniquely targeted, but we might be uniquely aware of it."

The scheme is allegedly aided by Americans hired to run "laptop farms" where remote desktop software allows North Korean spies to log into corporate servers while appearing to be located in the U.S.

Last month, Matthew Knoot, 38, of Nashville, Tennessee, was accused of accepting about $15,000 to receive and boot up work laptops that allowed the spies to defraud multiple U.S. media companies, a tech company and a British financial institution during the previous 13 months.

A lawyer representing Knoot, who pleaded not guilty and is set to face trial in October, didn't return a request for comment, according to the Journal.

The companies all thought they were hiring an American citizen, identified in court papers "Andrew M.," with each paying him more than $250,000 before that scam was shut down.

The money was allegedly funneled into North Korea's weapons program, "which includes weapons of mass destruction," the Justice Department said when it announced Knoot's arrest.

The case followed another filed in May, when Christina Marie Chapman, 49, of Litchfield Park, Arizona, was accused of hosting more than 90 laptops in her home.

That scheme allegedly duped more than 300 U.S. companies and generated more than $6.8 million funneled to North Korea since 2018.