The North Korea worker problem is bigger than you think | CyberScoop<\/title> <meta name=\"description\" content=\"The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat \u201ckeys to the kingdom,\u201d DTEX President Mohan Koo said.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/north-korea-technical-workers-full-time-jobs\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"The North Korea worker problem is bigger than you think\"> <meta property=\"og:description\" content=\"The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat \u201ckeys to the kingdom,\u201d DTEX President Mohan Koo said.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/north-korea-technical-workers-full-time-jobs\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-03-31T15:44:34+00:00\"> <meta property=\"article:modified_time\" content=\"2025-03-31T15:44:37+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg\"> <meta property=\"og:image:width\" content=\"4854\"> <meta property=\"og:image:height\" content=\"3236\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1742994400g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1742838279g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84026\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84026\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnorth-korea-technical-workers-full-time-jobs%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnorth-korea-technical-workers-full-time-jobs%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-84026 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/north-korea-technical-workers-full-time-jobs\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.660682226212\">\n<div class=\"single-article__header-content\" readability=\"36.548314606742\">\n<p> The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat \u201ckeys to the kingdom,\u201d DTEX President Mohan Koo said. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84026\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg 4854w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The money earned by remote North Korean IT workers is funding the North Korean weapons programs. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"106.55843733044\"><body readability=\"214.98626373626\"><\/p>\n<p>North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop. <\/p>\n<p>This swarm of technical North Korean experts isn\u2019t just intruding businesses as ad hoc freelance IT workers; they\u2019ve gained full-time employment as engineers and specialists of various skill sets with the highest degree of access in enterprise systems.<\/p>\n<p>\u201cWe work with a fair cross-section of the Fortune Global 2000 organizations, and right now we have active investigations going on with 7% of our customer base,\u201d Mohan Koo, co-founder and president of DTEX, said in an interview. DTEX has a couple hundred customers and estimates thousands of critical infrastructure organizations have been infiltrated by North Korean operatives.<\/p>\n<p>\u201cSome of the roles that we\u2019re investigating, the infiltrators that we\u2019re investigating right now, have actually got the keys to the kingdom,\u201d Koo said. \u201cThey have privileged-access rights. They have the ability to turn on access and turn off access for other workers. They have the ability to install and uninstall software. They have the ability to write code.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>DTEX\u2019s ongoing research indicates the North Korean regime\u2019s yearslong scheme goes much deeper than contract work and extends to roles beyond traditional IT. The Justice and Treasury Departments have issued <a href=\"https:\/\/cyberscoop.com\/doj-indicts-five-in-north-korean-fake-it-worker-scheme\/\">indictments<\/a> and <a href=\"https:\/\/cyberscoop.com\/treasury-sanctions-north-korea-over-remote-it-worker-schemes\/\">sanctioned people and entities<\/a> allegedly involved in North Korea\u2019s effort to send thousands of specialized technical professionals outside of the country to secure freelance jobs under false pretenses and funnel their wages back to Pyongyang.<\/p>\n<p>Multiple threat hunters have observed a surge of insider threat activity linked to North Korea. Adam Meyers, head of CrowdStrike\u2019s counter adversary operations, last month said a \u201ctremendous amount of companies\u201d have unknowingly hired North Koreans for technical development roles.<\/p>\n<p>Nearly 40% of the incident response cases CrowdStrike worked on last year involving North Korea were insider-threat operations. Insider threats accounted for 5% of Palo Alto Networks\u2019 Unit 42 incident response cases last year, and the number of those tied to North Korea tripled in 2024.<\/p>\n<p>Oftentimes, organizations unknowingly hire multiple North Korean nationals. \u201cIt\u2019s typically not just one,\u201d said Rob Schuett, director of insider intelligence investigations at DTEX. <\/p>\n<p>\u201cA single compromise is just the beginning,\u201d he said. \u201cIt\u2019s kind of like an insect infestation in your home. You see that one insect and you may be able to spray that one with chemicals and get rid of it, or move it outside. However, you know that in the walls and the cracks and the crevices there\u2019s a bigger problem underfoot.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h5 class=\"wp-block-heading\" id=\"h-quick-pivots-hops-to-other-networks\">Quick pivots, hops to other networks<\/h5>\n<p>Once a North Korean national is hired and starts the employment onboarding process, they move quickly to further infiltrate the organization. <\/p>\n<p>They move into virtual desktop infrastructure environments, using access granted from one entity to pivot to a third party, often a trusted partner.<\/p>\n<p>\u201cThat opens up the whole threat of the supply chain being infiltrated, and that\u2019s a very, very complex problem,\u201d Koo said. <\/p>\n<p>DTEX\u2019s investigation into insider threats backed by North Korea reached an \u201calarming conclusion,\u201d Koo said, a shocking reality that the extent of known compromise is widespread and likely more prevalent than confirmed thus far. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe\u2019re only really catching the dumb ones, the ones that are making OpSec mistakes, and they\u2019re pivoting around in places that we didn\u2019t know were infiltrated,\u201d Schuett said. This means, North Korean technical workers are probably operating in dozens of infiltrated organizations, including those they aren\u2019t employed by, simultaneously. <\/p>\n<p>North Korean nationals are also installing various remote access tools, which are approved for use and often blend in to typical onboarding activities, when most employees set up and gain initial access to work systems.<\/p>\n<p>\u201cThey\u2019re using a specific identity and a specific individual to gain employment, and that individual\u2019s skill set is specifically targeted to gain employment at the organization,\u201d Koo said. \u201cBut once they\u2019ve gained employment, it\u2019s just an access right, and then they use these remote tools to enable the others to do the work.\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-north-koreans-are-doing-the-job-better-than-most\">North Koreans are doing the job \u2014 better than most<\/h5>\n<p>The threat posed by North Korean technical workers stands out, compared to other nation-state backed activity, because they\u2019re doing the work companies are paying them to do. \u201cIn some cases, they\u2019re doing a better job than most,\u201d Koo said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>With multiple people performing tasks assigned to one person, pulling in assistance from thousands of experts in any given field, these employees may become a rock star in the eyes of their employer. To the organization, it looks like their best employee is doing an inordinate amount of work.<\/p>\n<p>Yet, DTEX discovered multiple red flags as it began tracking suspected North Korean workers\u2019 activities on their work machines. <\/p>\n<p>\u201cWhat we see with the DPRK worker is completely anomalous compared to everybody else, meaning you\u2019ll see a login time that runs an extremely long amount of time and then there is no logout activity,\u201d Schuett said.<\/p>\n<p>\u201cThey\u2019ll run impossible amounts of times for a human being to endure to work, so they\u2019ll go like four to five days at a time before you\u2019ll see another logout, if you even see one,\u201d he said.<\/p>\n<p>This heightened and unimaginable level of productivity occurs because North Korean workers open remote sessions and share their desktop with other alleged co-conspirators with similar specialized skills. Spikes in activity are attributed to the handover period, from one shift worker to the next, or when multiple people are working side by side, shadowing each other.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>While the average time lapsed between North Korean worker logins and logoffs or the unlocking and locking of machines is six to seven days, DTEX observed one instance of unrelenting activity that went on for three weeks.<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-financially-motivated-by-salaries-now-but-what-s-next\">Financially motivated by salaries now, but what\u2019s next?<\/h5>\n<p>For now, North Korean technical workers are focused on attaining employment, doing those jobs, and sending the money they earn back to Pyongyang. <\/p>\n<p>North Korean technical workers generate hundreds of millions of dollars for the North Korean regime, according to Unit 42.<\/p>\n<p>The potential for follow-on activity, including espionage, extortion and disruptive attacks on critical infrastructure is abundant.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cFor any of us to be naive enough to think that that\u2019s all they\u2019re ever going to do is ridiculous,\u201d Koo said. \u201cWe have to be vigilant because, at the point that they decide to weaponize in a different way, they have the access to do it.\u201d<\/p>\n<p>While it remains hypothetical, Koo said it\u2019s \u201cinconceivable\u201d to think North Korean technical professionals working for an unknown number of businesses around the globe won\u2019t plant a backdoor, switch off critical infrastructure or otherwise commit sabotage at some point.<\/p>\n<p>\u201cIt just requires the right point in time where they have that motivation to do so,\u201d he said. <\/p>\n<p>Security professionals acknowledge it\u2019s difficult for organizations to identify a potential insider threat from job applicants, but not impossible. <\/p>\n<p>Requiring remote job candidates to be on camera and show government-issued identification is a good practice, but not fool-proof. Paying attention to what people do on camera \u2014 looking away, possibly taking prompts from someone else helping them through the interview \u2014 can provide meaningful insights, Schuett said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe can see other people in the room with them taking an interview,\u201d Schuett said. \u201cI don\u2019t know about you, but when I\u2019m applying for a job, I\u2019m probably not doing it in a Starbucks or some other public location.\u201d<\/p>\n<p>Other potential tells include long pauses and inconsistencies on candidates\u2019 resumes, such as claimed expertise in technologies before they were developed and widely available.<\/p>\n<p>Human resources professionals and recruiters are the first line of defense against North Korean insider threats. But if they pass that stage and make it to employment, companies can still look for idiosyncrasies, such as lack of communication in meetings, emails or collaboration platforms, to spot potential problems.<\/p>\n<p>North Korean technical workers \u201cdon\u2019t ask how your kid did in soccer last night,\u201d Schuett said. \u201cThey don\u2019t talk about the new, cool restaurant they found, because they can\u2019t.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7280334728033\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/the-north-korea-worker-problem-is-bigger-than-you-think-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/north-korea-technical-workers-full-time-jobs\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The North Korea worker problem is bigger than you think<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2350,282,78,4035,647,2911,715,256,288,183],"tags":[2354,286,86,4036,240,2913,720,262,294,207],"class_list":["post-7496","post","type-post","status-publish","format-standard","hentry","category-crowdstrike","category-cybercrime","category-cybersecurity","category-dtex-systems","category-north-korea","category-north-korean-it-workers","category-palo-alto-networks","category-research","category-threats","category-unit-42","tag-crowdstrike","tag-cybercrime","tag-cybersecurity","tag-dtex-systems","tag-north-korea","tag-north-korean-it-workers","tag-palo-alto-networks","tag-research","tag-threats","tag-unit-42"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/crowdstrike\/\" rel=\"category tag\">CrowdStrike<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/dtex-systems\/\" rel=\"category tag\">Dtex Systems<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korea\/\" rel=\"category tag\">North Korea<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korean-it-workers\/\" rel=\"category tag\">North Korean IT workers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/palo-alto-networks\/\" rel=\"category tag\">Palo Alto Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/unit-42\/\" rel=\"category tag\">Unit 42<\/a>","tag_info":"Unit 42","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7496"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7496\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7496,"date":"2025-03-31T10:44:34","date_gmt":"2025-03-31T15:44:34","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84026"},"modified":"2025-03-31T10:44:34","modified_gmt":"2025-03-31T15:44:34","slug":"the-north-korea-worker-problem-is-bigger-than-you-think","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/03\/31\/the-north-korea-worker-problem-is-bigger-than-you-think\/","title":{"rendered":"The North Korea worker problem is bigger than you think"},"content":{"rendered":"