"The North Korean IT worker threat extends well beyond tech companies, with fraudsters interviewing at a "surprising" number of healthcare orgs, according to Okta Threat Intelligence. In research published Tuesday, the identity services provider said nearly half of the companies (48 percent) targeted by the scam fall outside the IT sector, and fraudsters are increasingly applying for remote jobs in finance, healthcare, public administration and professional services."
"Okta tracked more than 130 identities operated by facilitators and workers participating in the scheme, and linked these individuals to more than 6,500 initial job interviews across more than 5,000 different companies from 2021 up until mid-2025. "Okta assesses any given identity as DPRK-aligned based on a combination of technical indicators, behavioral patterns and first-hand employer reporting," according to the report."
Okta tracked over 130 identities tied to facilitators and workers who fraudulently applied for remote positions, linking them to more than 6,500 initial interviews at over 5,000 companies from 2021 through mid-2025. Nearly half of targeted companies fall outside the IT sector, with increasing applications aimed at finance, healthcare, public administration and professional services. The actors largely originate from North Korea or funnel proceeds back to Pyongyang. DPRK alignment assessments used technical indicators, behavioral patterns and employer reports. Researchers withheld methodological details and warned the tracked identities likely represent only a small sample of active activity, while law enforcement and security firms have raised alarms.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]