North Korean fake-persona remote job infiltration campaign against Western tech companies
Campaign
Summary
Hide ▲
Show ▼
A North Korean fake-persona campaign is using remote job applications to gain trusted insider access at Western tech companies, creating theft and espionage risk. SentinelOne tracked over 1000 job applications and roughly 360 fake personas tied to the operation over the last year. The tactic matters because accounts that appear legitimate can bypass traditional intrusion defenses and enable unauthorized access from inside the network.
Related Happenings
Meta For Business Facebook Messenger fake-verification phishing campaign
Campaign
H score29
First: 07.07.2026 10:00
Last: 07.07.2026 10:00
Sources 1
About this happening:
A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...
Meta For Business Facebook Messenger fake-verification phishing campaign
CampaignAbout this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
Campaign
H score53
First: 20.04.2026 16:33
Last: 20.04.2026 16:33
Sources 1
About this happening:
The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
CampaignAbout this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
North Korean remote IT worker scam operation targeting American companies
Campaign
H score41
First: 16.04.2026 19:00
Last: 16.04.2026 19:00
Sources 1
About this happening:
A long-running **North Korean remote IT worker scam operation** used **stolen identities** and fake placements to embed operators inside **more than 100 American companies**. The...
North Korean remote IT worker scam operation targeting American companies
CampaignAbout this happening: A long-running **North Korean remote IT worker scam operation** used **stolen identities** and fake placements to embed operators inside **more than 100 American companies**. The...
2025 Rise in legitimate-access intrusions across enterprise sectors
Trend
H score28
First: 01.04.2026 17:05
Last: 01.04.2026 17:05
Sources 1
About this happening:
**Legitimate access abuse** is now a leading intrusion pattern across **2025** investigations, increasing the risk of stealthy compromise across **manufacturing, healthcare, MSPs,...
2025 Rise in legitimate-access intrusions across enterprise sectors
TrendAbout this happening: **Legitimate access abuse** is now a leading intrusion pattern across **2025** investigations, increasing the risk of stealthy compromise across **manufacturing, healthcare, MSPs,...
Contagious Interview cryptocurrency social-engineering and malware-delivery campaign
Campaign
H score37
First: 23.03.2026 20:09
Last: 23.03.2026 20:09
Sources 1
About this happening:
A **North Korean** cluster behind **Contagious Interview / WaterPlum** is running a coordinated **malware campaign** against **cryptocurrency professionals**, increasing the risk...
Contagious Interview cryptocurrency social-engineering and malware-delivery campaign
CampaignAbout this happening: A **North Korean** cluster behind **Contagious Interview / WaterPlum** is running a coordinated **malware campaign** against **cryptocurrency professionals**, increasing the risk...
Timeline
-
25.03.2026 17:30 2 articles · 3mo ago
North Korean fake-persona hiring campaign targets Western tech companies
Campaign Scope UpdateSentinelOne warned that North Korean operations linked to more than 1,000 remote job applications and roughly 360 fake personas targeted Western tech companies, using fake identities, social engineering and AI deepfake interviews to obtain legitimate access and enable theft or espionage from inside affected networks.
Show sources
- Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne — www.infosecurity-magazine.com — 25.03.2026 17:30
- Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne — www.infosecurity-magazine.com — 25.03.2026 17:30