A U.S. company exposed what they believe was a North Korean operative who had been hired as a remote IT worker. The discovery reveals a broader scheme where North Korea is earning revenue and potentially accessing sensitive systems by placing workers in American tech companies under fake identities.

Cybersecurity firm Nisos identified the suspect during a job interview for an AI position in June. The candidate, known as "Jo," exhibited all the red flags: poor English despite claiming 15+ years of experience, appeared to be reading AI-generated responses with unusual pauses, and abruptly disconnected when asked to share his screen.

Jared Hudson, Nisos' CTO, described the interaction: "It was very much like interacting with a politician reading off a teleprompter."

But here's where it gets interesting - instead of just ghosting the candidate, Nisos alerted the FBI and set up a sting operation. They offered Jo a $5,000 retainer and mailed him a monitoring-enabled laptop to a Florida address. When activated, the webcam revealed approximately 40 networked devices - a "laptop farm" setup.

This is the remote work era's dark side. Companies hired fully remote workers without ever meeting them in person. Some of those workers are state-sponsored operatives. How did this happen? What verification failed?

Over three months, Nisos uncovered at least 20 North Korean operatives who collectively applied to approximately 160,000 positions. The operation appears to be based in China with facilitation from American citizens operating from Florida homes. Jo alone applied to roughly 5,000 jobs yearly.

The scale is staggering. Estimates suggest these schemes generate $600-800 million annually for the North Korean regime, with 90% of individual worker earnings (up to $300,000 yearly) directed back home. Workers were disciplined with $1 salary deductions per application errors - a detail that speaks to the industrial scale of this operation.