North Korea’s Remote IT Worker Scheme: Business Risks and Response

STRIDER

“Nearly every Fortune 500 company has grappled with how to safeguard their workforce from the threat of infiltration by DPRK actors posing as IT workers.”

This observation from Strider CEO and Co-Founder Greg Levesque captures a sobering reality for companies operating in this new geopolitical era: the global talent market is being exploited by adversarial nation-states looking to gain advantage. Strider’s Inside the Shadow Network report reveals how this new threat has direct consequences for businesses—not as abstract geopolitical risk, but as measurable sources of legal, financial, and reputational exposure.

In the first and second blog posts in this series, we examined how North Korea’s remote IT worker scheme operates and the infrastructure that enables it, including the use of falsified identities, freelancing platforms, and PRC-based intermediaries. With that foundation in place, the remaining question for business leaders is: What does this mean for my company?

Answering that question requires moving beyond awareness to insight—understanding where exposure actually exists and how it shows up inside companies.

Risks to Businesses

As North Korea’s remote IT worker scheme has expanded, so too has the scope and scale of its impact on Western and Japanese companies. This risk surfaces across multiple dimensions of business, often incrementally, and often before companies even recognize they are exposed.

Regulatory and legal risks are often the first to emerge. Companies that unknowingly hire or contract North Korean nationals posing as remote IT workers may find themselves in direct violation of U.S. and international sanctions against the DPRK. Companies that violate these sanctions could face severe penalties, including hefty fines, legal action, and restrictions on their ability to operate internationally.

Reputational damage can follow quickly once exposure becomes public. Any degree of association with North Korean nationals can do irreparable damage to the public image of Western and Japanese companies. It can create the perception of weak oversight or insufficient controls, which would be especially harmful for companies in sensitive industries such as defense, technology, and finance. Worse, it can erode trust among customers, partners, regulators, and investors.

Intellectual property theft presents a more subtle but consequential risk. By embedding themselves in legitimate IT roles, North Korean nationals may gain access to a company’s proprietary software, internal tools, and trade secrets. The result is the quiet removal and relocation of intellectual property back to the DPRK, where it can be used to advance its technological capabilities or transferred to other hostile nation-states and criminal organizations.

Data breaches and espionage add another dimension of exposure. Access to corporate systems can allow embedded workers to interact with sensitive data, including personal information, financial records, and confidential corporate communications. That data may be exfiltrated for intelligence purposes or monetized through illicit channels, leaving companies and employees exposed. In some cases, organizations only uncover the extent of these breaches well after the data has left their control.

Financial losses from cybercrime round out the risk landscape. North Korean IT workers have been linked to ransomware attacks, hacking operations, and other cyber activity targeting Western and Japanese companies. The resulting costs for companies have been substantial—from ransom payments and system recovery to business interruption and increased security spending, totaling hundreds of millions of dollars.

Why Traditional Due Diligence Misses This Threat

What this scheme ultimately exposes is a gap between how companies assess risk and how adversarial nation-states are operating in this new geopolitical era. Traditional hiring practices were not designed to detect actors operating through falsified identities, layered intermediaries, and global platforms.

Mitigation begins with visibility. Companies need a clearer understanding of who they are hiring and contracting with—particularly across remote roles, third-party vendors, and outsourced IT services. That means moving beyond surface-level identity verification to in-depth assessments of potential affiliations, linkages, and exposure to networks that may not be immediately apparent through conventional due diligence.

Enter Strider.

Strider helps companies solve the visibility problem by turning open-source data into strategic, actionable intelligence. That means providing companies a faster way to screen both the individuals applying for work and the organizations behind them.

Strider’s People Search screens individuals for nation-state ties, falsified resumes, or hidden risks so teams can make better decisions across hiring and access workflows. It also supports resume verification by flagging inconsistencies and suspicious credentials that can be missed in standard checks.

Strider’s Organizations Search helps companies identify state-sponsored threats across third-party relationships by revealing hidden connections across parent companies, subsidiaries, suppliers, customers, and key personnel. By prioritizing high-risk connections with risk-only filtering, it allows companies to identify potential threats quickly and act before exposure spreads.

Strider brings these insights into the decisions that matter most: when companies are evaluating candidates, approving vendors, or expanding access for contractors. In this new threat landscape, increased visibility is necessary.

Conclusion

Today, it is North Korean workers infiltrating companies while posing as remote IT workers. Tomorrow, it may be other state-backed actors using new tools, methods, or operations to target private industry. The bottom line is that this type of threat isn’t going away. As long as innovation and new technology development continue in this sector, adversaries will keep looking for ways to access and exploit them.

Companies that recognize this shift now—and invest in intelligence-led approaches to secure their workforce—will be the ones better equipped to protect their operations, their reputations, and their long-term resilience.