In this news:
Skip to main content
Tech Radar Pro
Tech Radar Gaming
Tech Radar Pro
TechRadar the business technology experts
Search TechRadar
View Profile
België (Nederlands)
Deutschland
North America
US (English)
Australasia
New Zealand
Expert Insights
Website builders
Web hosting
World Password Day
Best website builder
Best web hosting
Best office chairs
Expert Insights
Recommended reading
North Korean fake job hackers are going the extra mile to make sure their scams seem legit
North Korean hackers are using advanced AI tools to help them get hired at Western firms
Google warns North Korean spies are gaining positions in Western firms
Asking remote job candidates this shocking question could save your company big bucks, security expert says
North Korean hackers are using LinkedIn to entice developers to coding challenges - here's what you need to know
North Korea unveils new military unit targeting AI attacks
SentinelOne targeted by Chinese espionage campaign probing customers and infrastructure
These North Korean IT workers have been infiltrating Western businesses since 2016
Ellen Jennings-Trace
12 May 2025
The Nickel Tapestry threat continues
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
(Image credit: Shutterstock)
North Korean hackers have been impersonating job applicants
These applicants gain employment in western firms
New research suggests these campaigns have been going on since 2016
North Korean hackers have been making the headlines recently by fraudulently gaining employment in western firms. Research from Sophos’s Counter Threat Unit (CTU) has been tracking this as the Nickel Tapestry campaign, identifying infrastructure links that suggest money-making schemes have been operating since 2016.
The research shows that the campaign is increasingly targeting European and Japanese organizations - probably thanks to increased awareness amongst American companies. These fraudulent job applicants have been observed impersonating Japanese, Vietnamese, and Singaporean professionals, as well as American personas.
Previous research has shown that North Korean hackers are posing as software development recruiters to target freelancers, spreading malware through the recruitment scams and stealing cryptocurrency from victims.
You may like
North Korean fake job hackers are going the extra mile to make sure their scams seem legit
North Korean hackers are using advanced AI tools to help them get hired at Western firms
Google warns North Korean spies are gaining positions in Western firms
Save up to 68% for TechRadar readers!
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)
Dual objectives
The salaries earned by the hackers seem to help fund the government interests of the Democratic People’s Republic of Korea - and record breaking crypto scams have also successfully earned the Lazarus hacking group $1.5 billion. Around $300 million of this was successfully converted by the group into unrecoverable funds from this one incident alone, so these campaigns are lucrative for the state.
That’s not all though, as the fraudulent workers have also been observed stealing credentials and exfiltrating data, as well as deliberately gaining employment in industries with sensitive data, like defense, aerospace, and cybersecurity.
These roles allow the workers to use remote access software and AI generated writing, CV building, image editing, and video enhancing tools to impersonate legitimate workers and circumvent default systems.
Organizations are urged to remain vigilant and to check candidate identities thoroughly, and review their CVs and addresses thoroughly, even suggesting in-person interviews where possible.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
As remote positions become increasingly popular, companies should “monitor for traditional insider threat activity, suspicious usage of legitimate tools, and impossible travel alerts to detect activity often associated with fraudulent workers” Sophos confirms.
You might also like
Take a look at our picks for the best malware removal software around
Check out our choice for best antivirus software
PowerSchool hit by cyberattack which saw student and teacher data stolen
Ellen Jennings-Trace
Staff Writer
Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
North Korean fake job hackers are going the extra mile to make sure their scams seem legit
North Korean hackers are using advanced AI tools to help them get hired at Western firms
Google warns North Korean spies are gaining positions in Western firms
Asking remote job candidates this shocking question could save your company big bucks, security expert says
North Korean hackers are using LinkedIn to entice developers to coding challenges - here's what you need to know
North Korea unveils new military unit targeting AI attacks
Latest in Security
Outdated and unsecured IoT devices are a serious risk for UK businesses
Most businesses can't fill cyber roles leaving huge gaps in defense
This Microsoft 365 phishing campaign can bypass MFA - here's what we know
AI is making phishing emails far more convincing with fewer typos and better formatting: Here's how to stay safe
Criminals are targeting Bitcoin owners on Facebook with a multi-stage malware campaign - follow these steps to stay safe
Microsoft employees join the list of those banned from using DeepSeek
Latest in News
Outdated and unsecured IoT devices are a serious risk for UK businesses
Freepik launches new enterprise AI plan - but is it enough to tackle Adobe’s dominance in the field?
Most businesses can't fill cyber roles leaving huge gaps in defense
Windows 11 gets more AI upgrades we didn’t ask for – as Copilot pops up on the desktop and Microsoft Store
AllTrails is the latest app with an AI-powered subscription tier – but it looks way more useful than the genAI from Garmin and Strava
Nintendo now says it can disable your Switch or potentially even your new Switch 2 if you don't follow its user agreement
LATEST ARTICLES
Freepik launches new enterprise AI plan - but is it enough to tackle Adobe’s dominance in the field?
Don't miss the Samsung Galaxy Tab S6 Lite at its lowest price on Amazon
Forget the Nintendo Switch 2 – MSI’s surprise new Steam Deck rival could be the handheld gaming device to get without costing a fortune
I suggest streaming these 3 movies with great Rotten Tomatoes ratings before they leave Prime Video
Outdated and unsecured IoT devices are a serious risk for UK businesses
TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.
Contact Future's experts
Terms and conditions
Privacy policy
Cookies policy
Advertise with us
Web notifications
Accessibility Statement
Future US, Inc. Full 7th Floor, 130 West 42nd Street,
Please login or signup to comment
Please wait...
.png)
