Fortune: “The Strider report underscores that Chinese companies serve as essential intermediaries in the North Korean IT worker conspiracy.”

Strider's "Inside the Shadow Network: NorthKorean IT Workers and Their PRC Backers" report was featured in a Fortune article about how Chinese companies are secretly powering North Korea's global IT workers scheme.

Said CEO and Co-Founder Greg Levesque: "Nearly every Fortune 500 company has grappled with how to safeguard their workforce from the threat of infiltration by DPRK actors posing as IT workers. Our research at Strider reveals how front companies based in the PRC are enabling this coordinated DPRK campaign. Treasury has begun announcing sanctions on individuals and entities engaged in these efforts, but a more wholesale examination of the infrastructure underpinning the DPRK worker scheme is crucial to upending it as an urgent corporate security threat.”

Below are excerpts from the Fortune article.

Fortune Magazine

By: Amanda Gerut | May 14, 2025

An extensive consortium of Chinese businesses—broader than previously believed—could be knowingly or unknowingly propping up a vast global scheme in which North Korean tech workers fund the regime’s nuclear weapons program through remote jobs at Fortune 500 businesses, a new investigation has revealed.

According to a Tuesday report published by strategic intelligence firm Strider, a sanctioned Chinese company identified by the U.S. Treasury this year for shipping computers, graphics cards, and HDMI cables to a North Korean weapons group, is connected through personal and organizational ties to 35 other firms. Strider’s report urges further investigation into the three dozen linked firms given the threat to national security and the lucrative success of the North Korean IT worker scheme.

...

The Strider report underscores that Chinese companies serve as essential intermediaries in the North Korean IT worker conspiracy. They provide technical infrastructure, cover for the scheme, and serve as financial conduits for money laundering. Strider reported China’s proximity to North Korea and its vast digital infrastructure and loosey-goosey regulatory environment make it an enticing place for North Korea to send its IT workers. They operate out of metropolitan areas like Beijing, Dalian, and Shenyang through front companies, joint ventures, or Chinese firms.

“Nearly every Fortune 500 company has grappled with how to safeguard their workforce from the threat of infiltration by DPRK actors posing as IT workers,” Strider CEO and co-founder Greg Levesque told Fortune in a statement. “Our research at Strider reveals how front companies based in the PRC are enabling this coordinated DPRK campaign.”

In a statement, Chinese embassy spokesperson Liu Pengyu told Fortune he was not aware of the specifics in Strider’s report.

“We oppose false allegations and smears which have no factual ground at all,” Pengyu said.

North Korea Sanctions
In January, the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Liaoning China Trade Industry Co. for supplying the DPRK government with laptops, cables, graphics cards, and other equipment involved in carrying out the IT workers scheme.

OFAC found Liaoning China Trade (LCT) had shipped the tech equipment to Department 53 of The Ministry of The People’s Armed Forces, which is a DPRK weapons-trading entity under the regime’s Ministry of National Defense. The OFAC action included two Department 53 front companies, Korea Osong Shipping Co. and Chonsurium Trading Corporation, for hosting delegations of DPRK IT workers at sites in Laos. Two people, one in Laos who managed the DPRK IT workers, Jong In Chol, and Son Kyong Sik in Shenyang, China, were also sanctioned. Son was identified as being the China-based chief representative of Department 53’s Osong front company.

However, the Strider investigation concluded there may be more digging needed by U.S. authorities based on their findings. LCT is linked to 35 other companies that could potentially be involved in the scheme and interwoven into the supply chains of businesses as vendors or third-party providers. All 35 are based in the People’s Republic of China and all are trade companies similar to LCT, in that they procure, manufacture, and ship goods all over the world.

One identified in the report, Dandong Deyun Trading Co., is registered in China as a wholesaler and retailer of textiles and electronics. Another, Guangzhou Aiyixi Trading Co., is registered as a wholesaler of cosmetics, daily necessities, commercial induction cookers, and bathroom mirror cabinets. A third, Yongping Zhuoren Mining Co. is a wholesaler of minerals and building products.

The Strider report did not definitively conclude that the 35 companies linked to LCT are also providing support to the DPRK IT workers scheme but suggests that all could merit further investigation given the risk that companies could be unwittingly hiring North Korean workers.

“Treasury has begun announcing sanctions on individuals and entities engaged in these efforts, but a more wholesale examination of the infrastructure underpinning the DPRK worker scheme is crucial to upending it as an urgent corporate security threat,” said Levesque.

The Chinese embassy did not immediately respond to a request for comment.