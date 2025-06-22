By Annie Fixler(senior fellow for Defense of Democracies)

North Korean hackers used to rely on virtual private networks and aliases to hide their true identities in order to get information technology jobs.



Now, according to reporting from Politico and Wired, AI-generated deepfakes are becoming key to Pyongyang’s success, rendering existing screening tools increasingly irrelevant.



North Korean operatives create fake LinkedIn pages using stolen information and pirated or AI-generated profile pictures.



In March, Pyongyang launched Research Center 227, an effort within its overseas intelligence agency, the Reconnaissance General Bureau, to focus on AI-enabled cyberattack capabilities.



According to cybersecurity firm DTEX, Research Center 227’s objectives are to use AI to neutralize defenses, steal information and money, and automate information collection and analysis.



Although the IT worker scheme long predates this center, the capabilities and skills it develops will enhance this operation and the other vast criminal enterprises that fund the regime.



Chinese support is critical. A report from cyberintelligence firm Strider said at least 35 Chinese companies have supported North Korean IT workers’ plot. Large Chinese and Russian firms often provide day jobs for North Korean hackers.



North Korea not only sends its hackers abroad but also creates companies in China and Russia to facilitate its cybercriminal activities. North Korea is deploying its hackers around the world and tasking them with bringing back funds for the regime.



American companies need, at the very least, more robust guidance from their government if they hope to stand a chance at detecting and thwarting Pyongyang’s advances.