Microsoft said Friday that North Korean operatives are using artificial intelligence tools, including voice-changing software and face-swapping apps, to pose as Western job candidates and win remote technology jobs, a scheme that can channel paychecks and company access back to Pyongyang.
The company said the operation centers on fake or stolen identities used to apply for software and IT roles at Western firms.
Microsoft said the workers use AI to generate headshots, create locally plausible names and email formats, and tailor applications to job postings. During interviews, the company said, some use voice-changing tools to mask accents.
The operatives also use AI after they are hired, helping them write emails, translate documents, and generate code while trying to avoid detection. The company said one North Korean cluster, which it tracks as Jasper Sleet, "leverages AI across the attack lifecycle to get hired, stay hired, and misuse access at scale."
The warning matters because the job scam has moved beyond payroll fraud and into a broader corporate security threat.
U.S. authorities have said North Korean remote IT worker schemes rely on stolen and fake identities, U.S.-based facilitators, and so-called laptop farms that let overseas workers appear to be operating from inside the United States.
The Justice Department said in June 2025 that such schemes had reached more than 100 U.S. companies, while the FBI has warned that some workers have stolen sensitive data or used it for extortion.
Microsoft said it disrupted 3,000 Outlook and Hotmail accounts tied to fake North Korean IT workers last year.
The company urged employers to conduct video or in-person interviews and to watch for signs of image manipulation, including distortions around faces, eyes, ears, and glasses.
Federal investigators have issued similar advice, including stronger document checks, direct verification of work history, and closer scrutiny of remote hiring arrangements.
Upwork, which was named as one type of employment platform targeted for software and IT postings, said it takes aggressive action to remove bad actors.
Jim Thomas ✉
Jim Thomas is a writer based in Indiana. He holds a bachelor's degree in Political Science, a law degree from U.I.C. Law School, and has practiced law for more than 20 years.
© 2026 Newsmax. All rights reserved.