A Hidden Threat in the Global Talent Market
STRIDER
How remote hiring is creating new risk vectors for Western and Japanese companies
On paper, there is nothing unusual about your company’s new hire.
A remote contractor with an impressive resume of relevant experience. A credible background that passes the test. They reside in a location that doesn’t raise concern. They are exactly the kind of employee your company is looking for amid the growing demand for technical talent and the continued rise of remote work.
But beneath the surface is something far more malicious.
A fabricated identity. A borrowed work history. And a quiet connection to one of the most dangerous and authoritarian regimes in the world.
This scenario is not hypothetical.
A recent Strider report, Inside the Shadow Network, reveals how North Korean operatives, with the support of entities in the People’s Republic of China (PRC), have successfully secured work with companies across the U.S., Japan, and Western nations. By operating under false—or sometimes stolen—identities and posing as freelance developers or engineers, these operatives have led targeted efforts to:
- Access sensitive information of Western and Japanese companies
- Advance geopolitical goals
- Skirt sanctions and generate illicit revenue for the DPRK (Democratic People’s Republic of Korea)
This threat points to an alarming new reality: the global talent market itself is being weaponized by adversarial nation-states to advance their objectives.
The Global Talent Market Has Become a Strategic Battleground
We have entered a new geopolitical moment.
Industry and academia have now joined governments on the frontlines of this global battle for technological and data superiority. Supply chains and the global talent market have become part of the terrain.
This shift has fundamentally changed where risk resides for Western and Japanese companies, making it harder to separate legitimate business activity from state-directed operations. Instead of attacking systems from the outside, state actors are finding ways to embed themselves within global systems, using ordinary commercial activity to pursue strategic goals with less visibility and greater reach.
The rapid normalization of remote work has accelerated this threat. Distributed teams have expanded access to talent, scaled technical capacity, and accelerated growth across industries. At the same time, they have created new opportunities for nefarious actors to exploit unsuspecting organizations and plant insider threats. As a result, the line between innovation and infiltration has never been thinner.
One recent case brings this into sharper focus. Last year, a woman from Arizona was sentenced to more than eight years in prison for running a laptop farm that helped North Korean operatives gain employment at over 300 U.S. companies. Over the span of three years, she helped North Korean operatives steal the identities of U.S. citizens, pose as remote IT workers, and illegally funnel more than $17 million back to the DPRK government.
This case reflects a broader pattern of remote hiring fraud tied to North Korea already identified by U.S. authorities.
U.S. government investigations have uncovered fraud campaigns carried out by North Korean operatives that span years and continents. According to the U.S. Department of the Treasury, up to 90 percent of the earnings generated through these schemes were then funneled back to the North Korean government, where they were used to support weapons of mass destruction and ballistic missile programs.
In response, U.S. authorities have escalated enforcement efforts. New sanctions have been imposed by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) targeting multiple individuals and entities involved in this scheme. Meanwhile, the FBI and U.S. Department of Justice continue to release indictments and public service announcements to increase awareness about these schemes and the importance of due diligence in the hiring process.
This Isn’t Happening in Isolation
These schemes are not confined to a single country or actor. They are part of a broader illicit ecosystem that provides the infrastructure and support needed to operate across borders and markets.
As detailed in Strider’s report, many of the DPRK operations uncovered in U.S. government indictments and sanctions involve facilitators and front companies based in the PRC, where North Korean operatives often reside and access the global internet. These PRC-based intermediaries allow access to digital platforms, payment systems, and employment marketplaces, creating a cross-border infrastructure that helps North Korean operatives to work outside the DPRK while obscuring their true origins.
But the DPRK is not the only actor exploiting this dynamic. Strider’s research also found cases of remote workers from the PRC, India, and Pakistan using fake identities, fabricated work histories, and falsified credentials to secure roles inside Western and Japanese companies.
In a world increasingly reliant on remote work and globalized talent pools, this activity is no longer a fringe risk or a series of isolated incidents. It is being normalized by state actors to infiltrate the global talent market and exploit business as usual.
Conclusion
This challenge reflects a major shift in the threat landscape Western and Japanese companies now operate in. Geopolitics has become an integral part of global business operations, particularly in how companies source their talent.
Understanding how these fraudulent worker schemes take shape inside hiring pipelines—how identities are constructed, how roles are secured, and how activity is sustained across borders—is critical for business leaders to secure their company from the inside.