A North Korean defector has exposed an elaborate, pandemic-fueled scheme in which Pyongyang’s elite cyber operatives use stolen identities and slick online personas to infiltrate U.S. companies as remote software developers, funneling hundreds of millions of dollars back to Kim Jong Un’s regime.
A hidden operative in a U.S. “remote” job
On the internal directory of a California-based tech company, he appeared to be a typical remote hire: a mid-level software developer with a polished LinkedIn profile and an IP address geolocated somewhere in the American Midwest.
In reality, the man known as Anton Koh was coding from a state-run dormitory in China, working as part of North Korea’s state-directed network of IT operatives embedded in foreign firms.
Koh’s account, shared with human-rights group PSCORE and reported by major U.S. media, offers a rare inside look at how the regime systematically steals foreign identities to place its specialists in Western companies.
A U.S.-led coalition of 11 countries has estimated the scheme generated up to 800 million dollars in 2024 alone, with more than 40 countries targeted or implicated.
Pandemic-era remote work opened the door
Koh says the explosion of remote work during the Covid-19 pandemic turned into a windfall for Pyongyang’s cyber workforce.
“I’m a software engineer and I have a great opportunity for you,” he recalled messaging dozens of Americans every day at the height of the remote-work boom, pitching them on front arrangements that would help North Koreans quietly step into their digital shoes.
According to testimonies collected by Seoul-based NGO PSCORE, these overseas IT workers have become financial lifelines for North Korea’s nuclear and missile programs, with the regime reportedly seizing up to 90 percent of each worker’s earnings.
To avoid suspicion, most operatives are based in China and Russia, where their connections can be made to look like ordinary traffic from the region rather than from heavily sanctioned North Korea.
Fortune 500 companies flooded with bogus applicants
Cybersecurity experts warn the problem now runs through the top tier of corporate America.
