We value your privacy

We use cookies to enhance your browsing experience and analyze traffic anonymously for internal statistical purposes. By clicking “Accept all,” you consent to the use of cookies.

News Flash

How America (unintentionally) helps North Korean hackers

From “laptop farms” in the US to fake profiles on LinkedIn: here's how Pyongyang exploits remote work to spy, scam and collect millions of dollars

Cyber espionage in the USA

20 June 2025

Table of contents

  • The new frontier of cyber espionage starts in the USA
  • How the scam works: stolen identities, AI, and American accomplices
  • Up to $17 million for Pyongyang… and 9 years in prison for accomplices
  • Objectives: espionage, extortion and armaments
  • Rewards and Manhunt

The new frontier of cyber espionage starts in the USA

In an increasingly complex scenario of global cyber security , a disturbing paradox emerges: it is not only Pyongyang’s IT skills that support North Korean hackers , but also compliant American citizens.

The latest investigation published on Corriere.it by Roberto Cosentino tells how these collaborations translate into a millionaire flow of funds destined for Kim Jong-un’s regime.

There is talk of “laptop farms ,” or entire apartments full of computers managed by US citizens on behalf of North Korean cyber-employees infiltrated into Western tech companies.

How the scam works: stolen identities, AI, and American accomplices

The plan is as simple as it is ingenious. Hackers send hundreds of falsified resumes to U.S. companies, often using stolen documents and artificial intelligence software to alter faces during interviews.

Once they have obtained the job, often remotely, “American sponsors” come into play : people in financial difficulty contacted via TikTok or LinkedIn who agree to provide the physical and bureaucratic infrastructure to let them work from the United States.

These accomplices:

  • receive laptops from American companies
  • they keep them in their home
  • allow hackers to gain remote access via connections not traceable to North Korea
  • they fill out false tax documents

Up to $17 million for Pyongyang… and 9 years in prison for accomplices

The case of Christina Chapman is emblematic. For four years she ran a “laptop farm” at the service of hackers, earning 120,000 euros. But once discovered, she lost everything and now risks up to 9 years in prison.

The companies affected? More than 300 in his case alone, for a total of nearly $17 million in salaries unknowingly paid to North Korean cybercriminals .

Objectives: espionage, extortion and armaments

The information obtained by hackers is used to:

  • access sensitive and confidential data
  • record confidential company meetings
  • carry out digital blackmail
  • assist the regime in the development of technological weapons

The economic impact is devastating. According to the FBI , the scam involves thousands of fake workers and generates hundreds of millions of dollars a year , a significant portion of the entire North Korean economy.

Rewards and Manhunt

The United States is now offering up to $5 million for help stopping these schemes. The FBI has released the real faces of the hackers involved and has issued multiple arrest warrants.

But the real question is: how many other “hidden laptop farms” still exist?

Sources

Corriere.it Technology – Article by Roberto Cosentino: How (Corrupt) American Citizens Help North Korean Hackers Steal Data and Money from Western Companies

Questions and answers

  1. What are “laptop farms”?
     These are homes or offices in the United States where American citizens operate computers on behalf of North Korean hackers operating remotely.
  2. How are North Korean hackers hired?
     They use stolen identities and AI to pass remote interviews with American companies.
  3. Why do American citizens agree to help?
     For money: they are often in financial difficulty and are contacted via social media.
  4. What do the American accomplices risk?
     Up to 9 years in prison for complicity in fraud and computer espionage.
  5. What kind of data is stolen?
     Confidential company data, access to internal systems, meeting recordings.
  6. How do hackers from North Korea connect?
     Through VPNs and American connections provided by accomplices.
  7. How much money does North Korea make from this activity?
     According to the FBI, hundreds of millions of dollars each year.
  8. Are there any other investigations underway?
     Yes, the case is being investigated by the FBI and cyber security companies such as CrowdStrike.
  9. What role does LinkedIn play in this scam?
     It is one of the platforms used to find remote work under a false identity.
  10. What can companies do to protect themselves?
     Strengthen hiring controls and monitor remote employee activities.
5
To top