ARLINGTON, Va. — North Korean cyber operatives have scaled up their efforts to infiltrate Corporate America, deploying artificial intelligence, stolen identities, and a network of U.S.-based “laptop farms” to flood companies with more than 166,000 fraudulent job applications.
A bombshell report released Tuesday by Virginia-based human risk management firm Nisos exposes the inner workings of a highly sophisticated, corporate-style Democratic People’s Republic of Korea (DPRK) cell. The investigation reveals that between late 2024 and September 2025, a single cell of roughly 22 operatives successfully navigated U.S. corporate hiring pipelines to secure at least 76 job offers, generating millions of dollars to fund the isolated regime’s weapons programs.
The Anatomy of an Industrial-Scale Scam
According to Nisos’ findings, the operation functioned less like a rogue hacking group and more like an aggressive, metrics-driven recruiting agency.
The cell utilized a highly organized corporate structure featuring administrators, managers, team leads, and front-line operatives. Each operative was remarkably prolific, managing multiple fake personas at once to average roughly 7,586 job applications and 984 interviews.
DPRK FRAUD CELL BY THE NUMBERS
├── Estimated Operatives: 22
├── Total Applications Submitted: 166,893
├── Total Interviews Completed: 21,645
└── Confirmed Job Offers Secured: 76
The operatives primarily targeted high-paying, remote tech roles—such as software engineering, web development, and data analysis—with salaries ranging from $55,000 to $230,000. Technology firms bore the brunt of the onslaught, accounting for 42.6% of all job offers extended, followed closely by consulting, healthcare, and financial services firms.
Weapons of Mass Deception: AI and “Laptop Farms”
What sets this cell apart is its mature adoption of cutting-edge technology to bypass traditional corporate HR screenings:
- AI-Generated Personas: Operatives utilized artificial intelligence to generate highly polished, tailor-made resumes. During live video interviews, they deployed real-time AI response generators and voice-training or accent-mimicking applications to hide their native backgrounds.
- U.S. “Natives” and Laptop Farms: To maintain the illusion of being domestic remote workers, the cell recruited U.S.-based facilitators. These local accomplices were paid via cryptocurrency to receive corporate-issued laptops, host them on home network “farms” so the IP addresses appeared local, manage remote-access software, and even take physical drug tests on behalf of the North Korean workers.
- Operational Security: Inside their own communication channels (split across Discord, Telegram, and WhatsApp), operatives used three-letter initials to mask their true identities and spoke exclusively in English to prevent automated native-language tracking.
From Hacking to Hiring
“DPRK employment fraud has evolved into a highly organized and scalable operation that blends human deception, technical tradecraft, and AI-enabled tactics,” said Ryan LaSalle, CEO of Nisos, in a statement.
Security experts note that the strategy marks a terrifying shift in North Korea’s state-sponsored financial crime. Rather than relying solely on high-stakes bank heists or cryptocurrency hacks, the regime is embedding its agents directly into the fabric of Western enterprises.
By gaining legitimate employment, the operatives achieve a dual threat: they collect consistent, high-end American salaries to funnel back to Pyongyang, while simultaneously gaining internal credentialed access to proprietary corporate networks, sensitive data, and intellectual property.
How the Cell Was Caught
The massive investigation actually began as an inside job. In late 2024, a suspected DPRK operative applied for a remote AI architect position at Nisos itself.
Catching the anomalies, Nisos security teams launched a controlled investigation in tandem with federal law enforcement. By monitoring the applicant, researchers were able to trace the digital breadcrumbs back to a domestic laptop farm and eventually crack open the broader infrastructure of the 22-person cell.
Nisos warns that the threat can no longer be treated as a simple human resources headache. The firm is urging corporate executives, legal teams, and cybersecurity divisions to treat remote hiring with heightened scrutiny, warning that traditional background checks are failing to stop the regime’s digital double agents.