Detecting Fraudulent North Korean Hires: A CISO Playbook
Sophos, Wednesday, November 5th, 2025
Has a North Korean threat actor applied for a position at your organization, or even been hired? We're sharing a toolkit to help you detect and avoid that risk.
The North Korean worker scheme has expanded into a global threat. Although it originally focused on U.S. technology companies, the scheme has spread to other regions and sectors, including finance, healthcare, and government. Any company hiring remote workers is at risk; as a remote-first technology company, even Sophos has been targeted by North Korean state-sponsored operatives posing as IT workers.