North Korea’s 100,000‑Strong Cyber Workforce Generates Half‑Billion Dollars a Year for Kim Jong Un
North Korea’s cyber‑crime machine is larger than most people realize. A covert network of roughly 100,000 state‑backed hackers—often called the “fake IT worker army”—has been quietly funneling about $500 million into the regime’s coffers each year. The operation, which blends sophisticated phishing, ransomware, and cryptocurrency theft, is a key pillar of the Kim Jong Un government’s survival strategy amid crippling sanctions.
The Hidden Workforce Behind North Korea’s Cyber Empire
Contrary to the public image of a militaristic, isolated nation, the country’s cyber‑operations are organized like a sprawling corporate structure. The “fake IT workers” are not actual IT professionals; they are recruited from the ranks of the Korean People’s Army and the Ministry of State Security. They receive training in computer science, cryptography, and social engineering, and are then deployed to run botnets, launch phishing campaigns, and manage cryptocurrency wallets.
Sources from cybersecurity firms that track state‑sponsored activity estimate that the group’s size has grown steadily since the early 2010s. The army’s members are split into regional units that target specific industries—finance, healthcare, and logistics—each tailored to the most lucrative vulnerabilities.
How the Fake IT Workers Make Money
The revenue stream is diversified across several high‑yield tactics:
- Phishing and credential theft: The army sends mass emails that mimic legitimate banking or cloud services, luring employees into giving up login details. The stolen credentials are then sold on underground forums.
- Ransomware campaigns: Using custom malware, the hackers lock corporate networks and demand payment in cryptocurrency. The ransom amounts can reach millions of dollars.
- Cryptocurrency mining: Botnets spread across the globe infect vulnerable devices, turning them into mining rigs for coins like Monero and Bitcoin. The mined coins are funneled through a maze of mixers to obscure their origin.
- Data exfiltration and resale: Sensitive documents—everything from trade secrets to personal data—are extracted and sold to the highest bidder, often to rival states or criminal syndicates.
Financial analysts estimate that the combination of these methods accounts for roughly $500 million annually, a figure that dwarfs the revenue from traditional exports such as coal and textiles. The money is funneled through shell companies registered in Panama, the British Virgin Islands, and other low‑visibility jurisdictions, then transferred to accounts controlled by senior officials.
International Repercussions and the Fight Against Cybercrime
The United Nations and the U.S. Treasury have imposed multiple sanctions targeting North Korean cyber‑criminals. In 2024, the U.S. Office of Foreign Assets Control (OFAC) added 200 individuals and entities linked to the fake IT army to its Specially Designated Nationals list, freezing their assets and prohibiting U.S. persons from dealing with them.
Despite these measures, the regime continues to adapt. New malware variants are released every few months, and the army has begun exploiting supply‑chain attacks—targeting software updates for popular open‑source projects—to broaden its reach. Cyber‑security
