
How Did the North Korean IT Scam Work?
Dubbed “Operation Jasper Sleet” by the Microsoft Threat Intelligence team, the scheme involved North Korean IT scam workers posing as freelancers to infiltrate U.S. companies.
Key Tactics:
- Fake Identities: Workers used VPNs and remote management tools to hide their locations.
- American Accomplices: Some U.S. citizens rented out their identities or shipped company laptops abroad.
- Laptop Farms: Physical hubs where Americans helped foreign workers access U.S. jobs illegally.
One Maryland nail salon worker managed 13 remote IT jobs for North Koreans, earning nearly $1 million before being caught.
North Korean IT Scam: Why Did the U.S. Crack Down Now?
North Korea has deployed thousands of IT workers globally to generate revenue for its regime. According to the FBI and UN estimates, this scam brings in $600 million per year, funding:
- Nuclear weapons development
- Cyberattacks and cryptocurrency theft
Industries Targeted:
- Tech
- Critical manufacturing
- Transportation
Microsoft noted that North Korean operatives are expanding into other sectors, making the crackdown urgent.
What Was Seized in the Raids?
The FBI and DoJ took down key parts of the operation, including:
✔ 3,000 fraudulent Microsoft accounts (Outlook/Hotmail)
✔ Hundreds of laptops used in the scam
✔ 29 financial accounts receiving illicit payments
✔ 24 websites facilitating the fraud
How Were Americans Involved?
Some U.S. citizens knowingly participated by:
- Installing remote access tools on company laptops.
- Shipping devices to Russia or China for North Korean workers.
- Renting out their identities for job applications.
The Maryland case highlights how some Americans profited from the scheme—until getting caught.
What Happens Next?
- Sentencing: The Maryland accomplice faces sentencing in August.
- Ongoing Investigations: More arrests are likely as authorities track financial flows.
- Corporate Vigilance: Companies are urged to strengthen remote hiring checks.



