The Hermit Kingdom's Laptop Warriors

The Hermit Kingdom's Laptop Warriors

Deep within the restrictive borders of North Korea, a sophisticated network of skilled computer operatives has been secretly infiltrating the global tech industry. These "laptop warriors" have been posing as American remote workers, securing high-paying jobs at top US companies and funneling millions of dollars back to the ruling Kim regime.

The operation is believed to be worth anywhere between $250 million to $600 million annually, with experts estimating that thousands of US firms may have unwittingly hired North Korean IT workers over the past few years. The operatives, often working from China or Russia, create fake profiles on job networking sites like LinkedIn and use AI tools to mimic American accents and answer interview questions in real-time.

Once hired, the operative will ask for their work laptop to be sent to a US-based middleman, who installs remote access tools allowing the North Koreans to access the company's network from outside the country. These "laptop farms" often host dozens of devices used by numerous operatives, with some having earned as much as $300,000 per year.

The regime needs this cash to fund its nuclear weapons program and maintain its grip on power after being shut off from the global economy since 2006. North Korea has diversified into cybercrime, using hacker soldiers recruited from the country's IT-focused universities to steal cash and valuable data from major banks, businesses, cryptocurrency exchanges, and government databases.

Experts believe that the remote-worker scheme has been successful, generating a significant chunk of revenue for one of the world's poorest and most economically isolated countries. The North Korean workers routinely install malicious software inside company networks, allowing them to hold sensitive data and intelligence hostage, or lock down a business's computer systems entirely, until a ransom is paid.

"This is very adaptive," said FBI agent Elizabeth Pelker. "Even if [the hacker] knows they're going to get fired at some point, they have an exit strategy." The US has been working to counter the North Korean threat, with law enforcement agencies arresting American citizens accused of running laptop farms and charging numerous North Korean operatives based overseas.

"As it gets increasingly expensive or difficult to get remote jobs here in the U.S., they're pivoting to other locations," said Adam Meyers, a counter-adversary expert at cybersecurity firm Crowdstrike. "They're getting more traction in Europe."

The IT worker scheme is just one way that North Korea lines its pockets. The regime also has a highly skilled army of digital thieves who target cryptocurrency firms, many of which operate with limited regulatory oversight and have weak security systems. North Korean hackers pilfered a total of $661 million from the crypto industry in 2023, doubling that amount to $1.3 billion last year.

"They're the most sophisticated crypto launderers we've ever come across," said Tom Robinson, founder of blockchain-analytics firm Elliptic. A significant portion of the stolen funds ends up in Pyongyang's coffers, with an unusually high 80% to 90% being recovered.