A new report reveals how North Korean IT operatives are penetrating Western organizations through an elaborate network of front companies and falsified identities, often with support from China-based entities.
Strider Technologies published “Inside the Shadow Network: North Korean IT Workers and Their PRC Backers” on Tuesday, detailing how these workers pose as remote contractors to access sensitive information, advance North Korean geopolitical goals, and generate revenue for the regime.
According to the report, up to 90% of earnings from these operations directly fund North Korea’s weapons of mass destruction and ballistic missile programs.
“North Korean actors, often posing as freelance developers or engineers, are engaged in a coordinated DPRK campaign to infiltrate Western organizations and generate desperately needed revenue,” said Greg Levesque, CEO and Co-Founder of Strider.
Chinese entities provide crucial support
The report highlights how China-based intermediaries play a critical role in enabling North Korean operations by providing access to digital platforms, payment systems, and employment marketplaces.
Strider identified a Chinese company that was sanctioned by the U.S. Treasury Department for shipping IT equipment to Department 53, a weapons-trading entity within North Korea’s Ministry of National Defense.
Further investigation uncovered 35 additional China-based organizations linked to the sanctioned company through organizational and personal connections. These affiliated companies could also be supporting North Korean operations.
Tactics and global presence
North Korean IT workers use sophisticated tactics including:
- Creating fake identities and front companies
- Exploiting freelance platforms like Upwork and Fiverr
- Developing software with hidden malicious code
- Participating in cybercrime and cryptocurrency manipulation
The report maps the global spread of these workers across China, Russia, Southeast Asia, Africa, and the Middle East.
Business risks
Organizations that unwittingly hire North Korean operatives face significant threats including:
- Intellectual property theft
- Data breaches and espionage
- Regulatory violations and sanctions
- Reputational damage
- Financial losses from cybercrime
Strider recommends that businesses implement enhanced due diligence, strengthen cybersecurity measures, and ensure compliance with international sanctions to mitigate these risks.
See the full report here: https://content.striderintel.com/wp-content/uploads/2025/05/Strider-Inside-Shadow-Network-Report.pdf