What to do if your company discovers a North Korean worker in its ranks | CyberScoop<\/title> <meta name=\"description\" content=\"U.S. businesses face complex legal, cybersecurity, and compliance challenges after uncovering North Korean IT workers on their payrolls, experts warn at Google's Cyber Defense Summit.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/north-korean-it-workers-enterprise-risks-sanctions-response\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"What to do if your company discovers a North Korean worker in its ranks\"> <meta property=\"og:description\" content=\"U.S. businesses face complex legal, cybersecurity, and compliance challenges after uncovering North Korean IT workers on their payrolls, experts warn at Google's Cyber Defense Summit.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/north-korean-it-workers-enterprise-risks-sanctions-response\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-09-23T18:12:42+00:00\"> <meta property=\"article:modified_time\" content=\"2025-09-23T18:12:45+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1279\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1754500264g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1757443701g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86094\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86094\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnorth-korean-it-workers-enterprise-risks-sanctions-response%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnorth-korean-it-workers-enterprise-risks-sanctions-response%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86094 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/north-korean-it-workers-enterprise-risks-sanctions-response\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.473365617433\">\n<div class=\"single-article__header-content\" readability=\"34.552763819095\">\n<p> Experts say companies often struggle to manage the aftermath when they discover an employee\u2019s true identity is not what it seemed. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86094\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg?resize=1024,682 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg?resize=1536,1023 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"87.359625146427\"><body readability=\"177\"><\/p>\n<p>Terminating their employment is the easy part. The rest is complicated.<\/p>\n<p>When enterprises discover they have inadvertently hired North Korean information technology workers, they face a cascade of urgent decisions involving sanctions law, cybersecurity protocols, and law enforcement cooperation that can expose them to significant legal and financial risks.<\/p>\n<p>Incident response experts and cybersecurity lawyers explained how enterprises can navigate these risks Monday at Google\u2019s Cyber Defense Summit in Washington, D.C. The challenges have grown more prominent as cybersecurity firms track what they describe as an organized employment scheme designed to generate revenue for North Korea\u2019s weapons programs. <\/p>\n<p>\u201cTheir primary goal is revenue generation, often from multiple employers at once, to fund their weapons of mass destruction program,\u201d Mike Lombardi, who leads North Korean-focused incident response work at Mandiant, said during a panel discussion on the issue.<\/p>\n<p>While North Korean IT workers ultimately funnel their earnings back to the regime, cybersecurity experts emphasize that the workers themselves are primarily motivated by securing paychecks rather than causing immediate corporate damage. Because of this, experts emphasized Monday how companies need all of their departments \u2014 like human resources, security, and legal \u2014 to watch for warning signs when hiring and to work together if they discover a suspicious worker on their team.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h4 class=\"wp-block-heading\" id=\"h-detection-through-hr-anomalies\">Detection through HR anomalies<\/h4>\n<p>Evan Wolff, a cybersecurity lawyer and partner who co-chairs Akin Gump\u2019s privacy and tort practice, emphasized that initial detection often occurs during routine vetting processes. \u201cA lot of these cases seem more HR than cyber at first,\u201d Wolff said.<\/p>\n<p>Key indicators include email addresses that lack credentials with known data brokers, LinkedIn profiles with recycled resumes, and an applicant\u2019s reluctance to appear on video during interviews. Matthew Welling, a partner in Crowell & Moring\u2019s cyber practice, noted that mismatched personal information often provides the first clues.<\/p>\n<p>\u201cA big part of this is spotting pieces of information that don\u2019t fit together \u2014 for example, if the address on their ID doesn\u2019t match the address where they want things sent, that\u2019s often a giveaway,\u201d Welling said.<\/p>\n<p>Caroline Brown, a Crowell & Moring partner specializing in international trade and national security, said investigations sometimes reveal more complex patterns. \u201cWe saw one IT worker employed at several places at once, looking for their next job, possibly using their employer\u2019s systems to do so,\u201d Brown said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h4 class=\"wp-block-heading\" id=\"h-immediate-sanctions-exposure\">Immediate sanctions exposure<\/h4>\n<p>The legal implications can become apparent quickly once a North Korean is suspected to be employed inside an organization. Brown, who previously worked at the Justice Department\u2019s National Security Division and the Department of Treasury\u2019s Office of Foreign Assets Control (OFAC), explained the strict liability that can come with violating U.S. sanctions.<\/p>\n<p>\u201cNorth Korea is under a comprehensive embargo \u2014 no dealings with U.S. persons or companies, directly or indirectly,\u201d Brown said. \u201cFinding out you\u2019ve made a payment to them could be an additional violation, even strict liability, meaning you don\u2019t need to know you did it; you\u2019re still liable.\u201d<\/p>\n<p>The timing of discovery creates additional complications for things like payroll processing. When asked about scenarios where companies discover a rogue employee mid-week but have payroll scheduled for Friday, Brown responded that the situation becomes \u201cvery fact-specific and is about risk tolerance.\u201d<\/p>\n<p>\u201cIf you process a payment and it turns out to be for a North Korean, your payment processor \u2014 a U.S. financial institution \u2014 has violated sanctions, which may also expose you as the cause of that violation,\u201d Brown said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h4 class=\"wp-block-heading\" id=\"h-strategic-response-decisions\">Strategic response decisions<\/h4>\n<p>Unlike typical cybersecurity incidents, these cases sometimes involve staying in communication with the suspected workers to facilitate evidence collection and device recovery. Welling noted that the threat actors\u2019 behavior differs from expectations.<\/p>\n<p>\u201cMore often than not, they\u2019re very cooperative, trying to get one more paycheck or severance, even arranging for someone to return the laptop for money,\u201d Welling said. \u201cThe key is to keep the interaction alive: tell them you\u2019re having technical issues, keep communication open, and stay in touch.\u201d<\/p>\n<p>Lombardi confirmed this approach to CyberScoop, stating that \u201cmost of the time, we just want to get the laptop back.\u201d He explained that maintaining the ruse can be essential for forensic analysis, particularly when evidence is stored locally on devices rather than in centralized systems.<\/p>\n<p>The cooperative nature of these workers when discovered reflects their primary motivation. \u201cBy and large, we see that their motivation is to remain employed,\u201d Lombardi said. \u201cEven if things fall apart, the worker will usually comply, to try to stretch out payments or maintain a relationship, not go nuclear.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h4 class=\"wp-block-heading\" id=\"h-law-enforcement-and-regulatory-coordination\">Law enforcement and regulatory coordination<\/h4>\n<p>One of the biggest decisions companies face is when and how to involve federal authorities. Welling, who previously worked at the Department of Homeland Security, noted the FBI\u2019s effectiveness in these cases.<\/p>\n<p>\u201cAs someone who spent four years at Homeland Security, I don\u2019t always love the FBI, but in this case they\u2019re extremely effective and can work proactively with affected clients to stop this pre-employment,\u201d Welling said.<\/p>\n<p>There is no legal requirement to notify law enforcement, but Wolff noted that \u201csharing information with the FBI is helpful, and as the relationship lengthens or the money paid increases, the risk grows.\u201d<\/p>\n<p>Brown also highlighted the benefits of voluntary self-disclosure to OFAC. \u201cMore companies are doing so, which preserves mitigation credit \u2014 a 50% reduction in penalties \u2014 if OFAC were to penalize you,\u201d she said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The disclosure decision becomes more complex when the FBI initiates contact. \u201cIt depends on what the cooperation agreement is with the FBI and whether they\u2019ve already told OFAC about the incident,\u201d Brown said.<\/p>\n<p>Wolff emphasized that whatever the appetite is for getting outside parties involved, an organization should test those plans through tabletop exercises. He explained that even companies that hold cybersecurity-focused tabletops \u201cdon\u2019t cover this kind of case\u201d and stressed the importance of including HR personnel in planning a response.<\/p>\n<p>\u201cOne challenge is that nobody tells you \u2018this person is definitely North Korean\u2019 early on, so you\u2019re piecing together information, often through HR investigations rather than standard cyber incident response,\u201d Wolff said.<\/p>\n<p>The panel members agreed that the threat continues to evolve and expand. Welling characterized it as an enduring challenge: \u201cThis isn\u2019t a threat that\u2019s going away. If anything, more groups are picking up the playbook.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7696721311475\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/north-korean-it-workers-enterprise-risks-sanctions-response\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What to do if your company discovers a North Korean<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5069,5070,78,3729,646,647,2911,288],"tags":[5071,5072,86,3731,650,240,2913,294],"class_list":["post-8008","post","type-post","status-publish","format-standard","hentry","category-akin-gump","category-crowell-moring","category-cybersecurity","category-google-threat-intelligence-group","category-mandiant","category-north-korea","category-north-korean-it-workers","category-threats","tag-akin-gump","tag-crowell-moring","tag-cybersecurity","tag-google-threat-intelligence-group","tag-mandiant","tag-north-korea","tag-north-korean-it-workers","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/akin-gump\/\" rel=\"category tag\">Akin Gump<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/crowell-moring\/\" rel=\"category tag\">Crowell & Moring<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korea\/\" rel=\"category tag\">North Korea<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korean-it-workers\/\" rel=\"category tag\">North Korean IT workers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8008"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8008\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8008,"date":"2025-09-23T13:12:42","date_gmt":"2025-09-23T18:12:42","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86094"},"modified":"2025-09-23T13:12:42","modified_gmt":"2025-09-23T18:12:42","slug":"what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/09\/23\/what-to-do-if-your-company-discovers-a-north-korean-worker-in-its-ranks\/","title":{"rendered":"What to do if your company discovers a North Korean worker in its ranks"},"content":{"rendered":"