North Korean IT Workers Employ New Tactics to Infiltrate Global Organizations

Microsoft Threat Intelligence has uncovered a sophisticated operation by North Korean remote IT workers who are leveraging cutting-edge artificial intelligence (AI) tools to infiltrate organizations worldwide.

Since at least 2020, these highly skilled individuals, often based in North Korea, China, and Russia, have been targeting technology-related roles across various industries to generate revenue for the Democratic People’s Republic of Korea (DPRK) while simultaneously stealing sensitive data.

Their tactics have evolved significantly since 2024, with AI being used to enhance the quality of fraudulent identities by replacing images in stolen employment documents and refining worker photos to appear more professional.

Additionally, voice-changing software is being employed to mask their identities during communications, raising concerns about the potential for even more deceptive interview processes in the future.

Sophisticated Techniques

The scope of this operation, tracked by Microsoft under codenames like Jasper Sleet (formerly Storm-0287 ...