Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

North Korean fake-persona remote job infiltration campaign against Western tech companies

Campaign
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

A North Korean fake-persona campaign is using remote job applications to gain trusted insider access at Western tech companies, creating theft and espionage risk. SentinelOne tracked over 1000 job applications and roughly 360 fake personas tied to the operation over the last year. The tactic matters because accounts that appear legitimate can bypass traditional intrusion defenses and enable unauthorized access from inside the network.

Related Happenings

Scattered Spider SMS phishing and SIM-swap crypto theft campaign

Campaign
First: 20.04.2026 16:33 Last: 20.04.2026 16:33 Sources 1

About this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...

Open Happening

North Korean remote IT worker scam operation targeting American companies

Campaign
First: 16.04.2026 19:00 Last: 16.04.2026 19:00 Sources 1

About this happening: A long-running **North Korean remote IT worker scam operation** used **stolen identities** and fake placements to embed operators inside **more than 100 American companies**. The...

Open Happening

2025 Rise in legitimate-access intrusions across enterprise sectors

Target Trend
First: 01.04.2026 17:05 Last: 01.04.2026 17:05 Sources 1

About this happening: **Legitimate access abuse** is now a leading intrusion pattern across **2025** investigations, increasing the risk of stealthy compromise across **manufacturing, healthcare, MSPs,...

Open Happening

Contagious Interview cryptocurrency social-engineering and malware-delivery campaign

Campaign
First: 23.03.2026 20:09 Last: 23.03.2026 20:09 Sources 1

About this happening: A **North Korean** cluster behind **Contagious Interview / WaterPlum** is running a coordinated **malware campaign** against **cryptocurrency professionals**, increasing the risk...

Open Happening

North Korean stolen-identity IT job campaign against U.S. companies

Campaign
First: 20.02.2026 11:00 Last: 20.02.2026 11:00 Sources 1

About this happening: A **North Korea-linked** IT-worker campaign used **stolen identities** and **proxy accounts** to fraudulently place remote workers at **40 U.S. companies**, creating unauthorized...

Open Happening

Timeline

  1. 25.03.2026 17:30 2 articles · 2mo ago

    North Korean fake-persona hiring campaign targets Western tech companies

    Campaign Scope Update

    SentinelOne warned that North Korean operations linked to more than 1,000 remote job applications and roughly 360 fake personas targeted Western tech companies, using fake identities, social engineering and AI deepfake interviews to obtain legitimate access and enable theft or espionage from inside affected networks.

    Show sources
    Open in new tab