Companies around the world are being confronted by an emerging trend in which North Korean nationals, concealing their true identities, secure roles as remote employees and contractors across a variety of sectors. Security researchers highlight that this approach is no longer confined to major US technology enterprises. The tactics adopted by these operatives have shifted, allowing them to penetrate fields ranging from finance to healthcare, and to operate unnoticed in countries outside the United States. As remote work remains integral to many businesses’ growth strategies, the risks supplied by fraudulent actors have started raising concerns among security professionals internationally.
Compared to earlier investigations that largely documented North Korean IT worker activity within US technology firms, recent findings reveal a broader scope both in geography and industry. Security analysis from companies such as Mandiant and CrowdStrike report similar surges in activity, with hundreds of major corporations—Fortune 500 among them—falling victim. Official responses from US departments have included seizures of cryptocurrency and the implementation of sanctions, but the operations persist and seem to become more sophisticated with each passing year, now reaching European, Canadian, and Asia-Pacific markets in significant numbers.
Which Sectors Have Been Targeted by North Korean Workers?
According to Okta Threat Intelligence, while technology firms continue to see a high concentration of applicants, almost every sector has witnessed attempted infiltration. Industries such as finance, insurance, healthcare, manufacturing, and public administration have seen growing numbers of North Korean job applications. The evidence is based on trackers of over 130 different identities and more than 6,500 job interview attempts at about 5,000 companies between 2021 and mid-2025. This shift demonstrates that the tactic is far-reaching and not exclusively an IT or US-centric threat.
How Are North Korean Operatives Expanding International Reach?
Researchers at Okta identified that over one quarter of targeted job roles were outside the United States, with notable numbers in the United Kingdom, Germany, and Canada. Additional hotspots for activity include India, Singapore, Australia, Japan, and several European countries. Analysts note that, in these markets, awareness and response capabilities remain less developed, making non-US-based firms more vulnerable to these elaborate schemes. Okta reported,
“Years of sustained activity against a broad range of U.S. industries have allowed Democratic People’s Republic of Korea-aligned facilitators and workers to refine their infiltration methods,”
emphasizing the improving adaptability of these actors.
What Motivates the Scheme’s Broadening Tactics?
The pursuit of income generation while bypassing sanctions remains central to the expansion of North Korean cyber operations. The operatives appear guided by the pragmatics of remote work and online recruitment processes, targeting any company willing to hire remote talent. The Okta team stated,
“It’s possible that increased awareness of this threat — as well as government and private sector collaborative efforts to identify and disrupt their operations — may be an additional driver for them to increasingly target roles outside of the US and IT industries.”
As cybersecurity awareness grows within US tech, North Korean actors adapt by targeting sectors and nations where due diligence processes are less mature.
The analysis presented by Okta and corroborated by industry peers highlights how North Korean infiltration of remote roles is no longer a localized or purely technological issue. The data suggests a refined approach: operations are systematically extending to finance, healthcare, and beyond in both established and emerging markets. Employers, especially those outside the US, are encouraged to strengthen their employee verification methods and maintain up-to-date awareness of how these schemes operate. Companies need to recognize that remote recruitment processes remain an attractive entry point for sophisticated actors, and that threat landscapes are quickly evolving with international labor trends. Steps like stronger cross-industry communication, robust background checks, and ongoing training for HR staff can mitigate the risk presented by these hidden operatives, contributing to global business integrity. Firms hiring remotely may benefit from collaborative intelligence-sharing and periodic audits to help spot fraudulent applicants worldwide.
