Axios Features Strider Report on North Korean IT Workers

In The News

Strider

Strider CEO and Co-Founder Greg Levesque spoke to Sam Sabin at Axios ahead of the launch of Strider's recent report—Inside the Shadow Network: North Korean IT Workers and Their PRC Backers. The report detailed how North Korean actors, often with the support of entities within the People’s Republic of China, work to penetrate digital workforces of Western organizations to access sensitive data, advance geopolitical goals, and generate and launder illicit proceeds. 

Strider also uncovered a shadow network of 35 PRC-based companies that are linked to PRC-based Lianoning China Trade, which has been sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) for shipping IT equipment to Department 53 of The DPRK’s Ministry of The People’s Armed Forces.

Exclusive: North Korean scammers land jobs in U.S. with help from Chinese companies

Axios

By: Sam Sabin | May 13, 2025

North Korean IT workers are setting up front companies across China as part of their global operation to trick Western companies into hiring them, according to a new report shared first with Axios.

Why it matters: Nearly every Fortune 500 company has struggled with the problem of North Korea-based IT workers trying to get hired at their firms.

  • But few talk about the problem publicly over fears of law enforcement retaliation and embarrassment.

Driving the news: Strider Technologies, a cyber intelligence platform that works with eight of the Fortune 10 companies, released a report today saying it's identified 35 China-based companies linked to North Korean IT worker operations.

  • Those 35 companies are strongly believed to be affiliated with Liaoning China Trade Industry Co., a U.S.-sanctioned company that has shipped IT equipment to a North Korean government agency.

Zoom in: Strider specifically calls out three of those 35 organizations that could be helping Liaoning China Trade fund North Korea's operation:

  • Dandong Deyun Trading Co., a registered textiles and electronics wholesaler and retailer;
  • Guangzhou Aiyixi Trading Co., a cosmetics and clothing wholesaler that advertises itself online as a producer of commercial induction cookers and bathroom cabinets;
  • Yongping Zhuoren Mining Co., a company registered as a wholesaler of mineral products and building materials.

The big picture: For years, North Korean IT workers have been scamming U.S.-based companies into hiring them with the goal of using the higher salaries to help fund the country's missiles program.

  • But a part of those operations have shifted to focus on gathering intelligence about the companies they're working at, including intellectual property and any other company secrets, Strider CEO Greg Levesque told Axios.

The intrigue: Cybersecurity vendors have been stepping up their efforts to raise awareness about the problem over the last year.

  • An FBI notice sent to companies earlier this year significantly raised awareness about the scope of the problem, Levesque said.
  • Google said during a media roundtable on the sidelines of the RSA Conference last month that it had seen North Korean IT workers applying for jobs at their company.
  • Cyber vendors SentinelOne and KnowBe4 have said they've accidentally hired these workers themselves.

What they're saying: "Right now, what we're all realizing is that the scope and scale of that enterprise is far greater than people originally knew," Levesque said.

Between the lines: Much of the remote hiring process is siloed, and HR professionals aren't necessarily equipped to spot a fraudulent application.

  • New mitigation and detection tools that automatically spot applications that could have fake or misleading information will be the key to stopping this problem, Levesque said.

What to watch: Strider is releasing a tool later this week that will help automatically detect falsified resumes, which North Korean IT workers are using in their job applications all the time.