Podcast Episode
Koh's testimony, shared with The Wall Street Journal, offers a rare firsthand account of a programme that a coalition of eleven nations estimates funnelled up to eight hundred million dollars to the North Korean regime in twenty twenty-four. More than forty countries have been targeted or drawn into the operation.
Microsoft has tracked thousands of unique fake personas, while cybersecurity firm Mandiant reports that virtually every Fortune 500 company has received dozens, if not hundreds, of applications from North Korean operatives. The regime seizes up to ninety percent of each worker's earnings to fund its nuclear weapons programme.
As one Google Cloud security director warned: if you are not seeing this, it is because you are not detecting it, not because it is not happening to you.
North Korean Defector Exposes Regime's Remote IT Worker Scheme Infiltrating Fortune 500
February 17, 2026
0:00
3:13
A North Korean defector known as Anton Koh has revealed the inner workings of Pyongyang's sprawling cyber operation, where elite operatives steal foreign identities to land remote IT jobs at major Western companies. The scheme reportedly generated up to eight hundred million dollars for Kim Jong Un's regime in twenty twenty-four alone, with virtually every Fortune 500 company affected.
Inside the Scheme
A North Korean defector has pulled back the curtain on one of the most audacious cyber-espionage operations in modern history. Known by the alias Anton Koh, the former operative described how he lived in a state-run dormitory in China while posing as a Midwest-based software developer at a California company, complete with a polished LinkedIn profile and a convincing digital trail.Koh's testimony, shared with The Wall Street Journal, offers a rare firsthand account of a programme that a coalition of eleven nations estimates funnelled up to eight hundred million dollars to the North Korean regime in twenty twenty-four. More than forty countries have been targeted or drawn into the operation.
How It Works
The explosion of remote work during the Covid-19 pandemic proved a golden opportunity for Pyongyang. Operatives like Koh would message dozens of Americans daily, offering lucrative partnership deals. Using stolen or rented identities, North Korean workers create fake LinkedIn profiles, use AI-generated deepfakes for real-time video interviews, and route their internet connections through China and Russia to mask their true locations.Microsoft has tracked thousands of unique fake personas, while cybersecurity firm Mandiant reports that virtually every Fortune 500 company has received dozens, if not hundreds, of applications from North Korean operatives. The regime seizes up to ninety percent of each worker's earnings to fund its nuclear weapons programme.
The Crackdown
The United States Justice Department has mounted an aggressive response. In June twenty twenty-five, sweeping actions included searches of twenty-nine laptop farms across sixteen states and the seizure of financial accounts used to launder funds. Four Americans and a Ukrainian national pleaded guilty in November twenty twenty-five to helping North Koreans secure remote jobs at more than one hundred and thirty-six US companies. At least one defence contractor working on AI-powered equipment was compromised, with technical data sent abroad.As one Google Cloud security director warned: if you are not seeing this, it is because you are not detecting it, not because it is not happening to you.
Published February 17, 2026 at 1:06am
