North Korean 'fake worker' scheme caught live on camera

2025-12-03 20:13

Researchers trapped Lazarus operators with sandbox environments

By Ellen Jennings-Trace, published 3 December 2025

New intelligence operation let researchers watch Lazarus operators work live

  • Researchers tricked North Korean hackers running a fake job campaign
  • They were tricked into using a sandbox they thought was a legitimate laptop
  • This gives valuable insight into their tactics

An investigation run by BCA Ltd founder, Mauro Eldritch, in partnership with Northscan and ANY.RUN has observed the infamous Lazarus group in one of its most notorious schemes - the ‘malicious interview’ campaign. Within this scheme, workers from the DPRK aim to trick legitimate recruiters into hiring them for high-profile companies - a position they can use to carry out malicious activities.

Researchers from this intelligence-gathering operation were able to trap the hackers with what the hackers believed were ‘real developer laptops’ - but were actually remotely controlled sandbox environments belonging to ANY.RUN.

During the most recently observed campaign, hackers recruited genuine engineers to act as front men for them, offering between 20% and 30% of the salary in return for attending interviews and meetings.

Famous Chollima

By tricking the criminals, who go by the name ‘Famous Chollima’, into using the sandbox, researchers were able to expose their tactics - and a limited but powerful set of tools that enable them to take over identities without deploying ransomware.

The criminals were found to be using browser-based OTP generators, AI automation tools, and Google Remote Desktop to bypass 2FA and enable consistent control of the host.

This isn’t particularly surprising, since we’ve seen plenty of different iterations of these attacks with evolving strategies and tech tools. The FBI recently released a statement warning of efforts from the North Korean hackers:

“North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea's determination to compromise networks connected to cryptocurrency assets.”

With this research, security teams gain a more detailed insight into the workings of these criminal groups - and companies can be more secure in their defenses. It’s important for firms to understand the common tools these organizations use, because one compromise could lead to a much more significant infiltration.

Via: The Hacker News

Ellen Jennings-Trace, Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.