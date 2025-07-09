In a major crackdown, Microsoft has suspended 3,000 Outlook and Hotmail accounts linked to North Korean IT workers involved in a global job fraud scheme. The company's Threat Intelligence team, calling the operation "Jasper Sleet," outlined its findings in a detailed post, revealing the scope of the elaborate scam.

The US Department of Justice also joined the operation, seizing hundreds of laptops, 29 financial accounts, and shutting down nearly 24 websites. Authorities raided 29 "laptop farms" across the US, where Americans were helping foreign workers gain unauthorized access to remote jobs, according to the Fortune Magazine.

These accomplices either installed remote access tools on company-issued laptops or shipped them to countries like Russia and China. Some Americans even rented out their identities to help North Koreans apply for US tech jobs.

A Maryland nail salon worker was recently caught running a massive scheme, managing 13 remote IT jobs on behalf of North Korean workers. He pocketed nearly $1 million through this illicit activity. After pleading guilty to conspiracy to commit wire fraud, he's set to be sentenced in August. This case is part of a larger effort to crack down on North Korea's use of overseas tech jobs to fund its regime.

According to the Microsoft Security, North Korea has deployed thousands of remote IT workers to assume jobs in software and web development as part of a revenue generation scheme for the North Korean government. These highly skilled workers are most often located in North Korea, China, and Russia, and use tools such as virtual private networks (VPNs) and remote monitoring and management (RMM) tools together with witting accomplices to conceal their locations and identities.

Historically, North Korea's fraudulent remote worker scheme has focused on targeting United States (US) companies in the technology, critical manufacturing, and transportation sectors. However, we've observed North Korean remote workers evolving to broaden their scope to target various industries globally that offer technology-related roles. Since 2020, the US government and cybersecurity community have identified thousands of North Korean workers infiltrating companies across various industries.

The North Korean IT worker scheme generates up to $600 million a year, according to UN estimates, and the IT workers share information with more malicious cyber attackers that have stolen billions in crypto. The revenue generated by the scheme and the illicitly heisted crypto are used to fund DPRK authoritarian ruler Kim Jong Un's nuclear weapons program, according to the FBI and the US Department of Justice.