Watch On Demand: The DPRK IT Worker Campaign — A Growing Cyber Threat

The North Korean government has employed a strategic campaign involving IT workers to generate revenue and evade U.S. and UN sanctions. Thousands of alleged DPRK operatives have impersonated freelance developers, securing remote roles at companies across the U.S., Japan, and Singapore.

In January 2025, two DPRK nationals were added to the FBI's Most Wanted list for their involvement dating back to 2018. They reportedly worked for at least 64 companies, earning nearly $1 million. Shortly after, a U.S. citizen was charged with running a “laptop farm” that supported these actors. Between 2020 and 2023, DPRK IT operatives are believed to have targeted up to 300 U.S.-based companies, generating as much as $17 million in illicit revenue.

‍

What You'll Learn in This On-Demand Webinar:

• The DPRK IT Worker Kill Chain: from creating false identities and conducting interviews to evading detection, monetizing access, and weaponizing systems.
• Practical detection strategies and tactics, including techniques and procedures (TTPs) to hunt for these actors.
• Essential controls and mitigations to reduce risk.
• Real-world impacts: sanctions violations, cryptocurrency theft, proprietary data exfiltration, and software supply chain attacks — all posing significant operational and reputational risks.

Who Should Watch:

• Fortune 1000 companies with internal or outsourced development teams
• Software contractors and large tech enterprises
• Cyber Threat Intelligence (CTI) analysts, threat hunters, and CISOs

‍

‍