North Korean operatives are posing as job candidates to secure employment at Australian companies, with wages allegedly funnelled back to support the regime’s weapons program, according to new findings from cyber security firm DTEX.

The company revealed it recently uncovered one such attempt during a staged remote interview for an Australian role. The individual, believed to be linked to a broader network, appeared under false credentials as part of what investigators describe as a large-scale global operation.

DTEX says these cases are not isolated. Thousands of individuals are thought to be involved in a coordinated effort to bypass international sanctions by gaining legitimate employment overseas and redirecting earnings back to North Korea. The scheme is also seen as a growing cyber security concern, as successful applicants may gain access to internal systems, sensitive data and critical supply chains.

Photo by Sushanta Rokka

The issue was brought into the spotlight following a 60 Minutes Australia investigation aired on 29 March. The program showed a suspected facilitator participating in an interview conducted by journalist Nick McKenzie, who posed as a recruiter. The broadcast also included commentary from ASIO Director-General Mike Burgess, who addressed the risks posed by such operations.

DTEX first raised concerns about this activity earlier in 2025 in a report examining what it described as a hidden workforce linked to North Korea. The report outlined warning signs for employers and identified dozens of suspicious applicants who had not yet been hired.

Investigators estimate that workers connected to these networks generate around A$864 million each year globally, though the true scale is likely higher due to the reach of the operation.

Mohan Koo, president and co-founder of DTEX, said the activity should be treated as more than simple fraud. He warned that it represents a coordinated effort to infiltrate legitimate businesses, generate revenue and create opportunities for further exploitation.

Security experts say the methods used by these operatives are becoming increasingly sophisticated. Artificial intelligence is reportedly being used to produce more convincing CVs and online profiles, making fraudulent candidates harder to detect. During interviews, tools such as deepfake video, voice manipulation and real-time assistance can obscure identity and improve responses.

There are also concerns that some individuals gain access indirectly through subcontractors or third-party providers, extending the reach of the operation into larger organisations.

DTEX is urging Australian businesses to strengthen hiring processes, including identity verification and background checks, and to remain vigilant for unusual behaviour after onboarding. The firm says early detection is critical to prevent unauthorised access, data theft or disruption to supply chains.