North Korean Defector Reveals Inside Story of State-Sponsored Candidate Fraud. Incode Blog

North Korean Defector Reveals Inside Story of State-Sponsored Candidate Fraud

In August 2025, the BBC published an in-depth report featuring rare testimony from a North Korean defector. The interview sheds light on a vast and lucrative scheme run by Pyongyang to secretly place state-sponsored IT workers inside Western companies.

In a confidential interview, “Jin-su” (a pseudonym) revealed that over several years he used hundreds of fake identities to secure remote IT jobs across the US and Europe. This large-scale candidate fraud was part of a coordinated, state-run operation designed to funnel millions of dollars back to North Korea.

According to UN estimates, secret IT workers generate between $250m and $600m annually for North Korea. The scheme thrived during the pandemic, when remote work became widespread, and has only grown since.

Stolen Credentials and Fake Identities

Workers like Jin-su operate in teams abroad—often in China, Russia, or Africa—where internet access is unrestricted compared to North Korea. They impersonate Westerners to bypass sanctions and secure higher pay.

Jin-su’s strategy often began by posing as Chinese and persuading people in countries like Hungary or Turkey to “lend” their identities, before eventually obtaining UK or US profiles to target higher-paying jobs.

Once hired, many workers stick to regular IT duties, but some have stolen sensitive data or even hacked employers to demand ransom.

The hiring pipeline has become a new attack vector, with stolen or fabricated identities being used to infiltrate companies as remote workers.
The hiring pipeline has become a new attack vector, with stolen or fabricated identities being used to infiltrate companies as remote workers.

From State-Sponsored Scams to Everyday Hiring Risks

While Jin-su’s story exposes an extreme, state-backed infiltration, it highlights a broader issue: candidate fraud is on the rise everywhere. From lone scammers to organized networks, fraudulent applicants are slipping into hiring pipelines using stolen identities, fabricated credentials, or even AI-generated personas.

In the age of remote work, deception is easier than ever. At Incode we’re seeing growing trends in identity fraud. Generative AI tools are being used to create facial deepfakes to bypass detection, resumes are generated instantly by AI, and identity documents are forged with startling realism.

For businesses, the risks are real, ranging from wasted recruitment spend to insider threats and data breaches.

How Incode Workforce Stops Candidate Fraud

Incode Workforce Candidate Verification is built to meet this challenge head-on, securing hiring processes from the initial application stage to interview to Day 1 onboarding.

  • Biometric Identity Verification: Confirms authenticity by matching a live selfie with a government-issued ID in under 30 seconds.
  • Deepfake and Synthetic Media Detection: Flags face-swapping, AI filters, or any visual manipulation in real time.
  • Risk Scoring and Early Fraud Filtering: Uses device, IP, and behavioral data to identify high-risk profiles before interviews even happen.
  • Seamless ATS and Collaboration Tool Connectivity: Connects with platforms like Greenhouse, Workday, Slack, Zoom, and Teams to fit into existing hiring and communication workflows

With the ability to detect up to 99.6% of fraudulent attempts, Incode helps companies prevent infiltration, protect sensitive systems, and maintain trust in their workforce.

Learn more about Incode Workforce’s Candidate Verification.

Additional Resources:

Godwin, Beth and Lee, Julie Yoonnyung. North Korea sent me abroad to be a secret IT worker. My wages funded the regime. August 2025.