Jin-su, a North Korean defector, has provided rare insight into a clandestine operation where IT workers, under strict surveillance, disguise their identities to secure remote jobs abroad, funneling most of their earnings back to the regime. Despite harsh realities, many workers continue this work to escape dire conditions at home.
North Korean IT Worker Reveals Covert Operations Funding the Regime

North Korean IT Worker Reveals Covert Operations Funding the Regime
Explosive testimony from a defected North Korean IT worker highlights the regime's extensive undercover scheme for generating foreign income through remote work and identity deception.
North Korea has successfully infiltrated global information technology markets through clandestine operations run by its citizens abroad, as revealed by an interviewed defector known as Jin-su. Over the years, Jin-su utilized various fake identities to apply for remote IT positions with Western companies, thus contributing to a vast and covert scheme that funnels funds back to Kim Jong-un’s regime, which has been under international sanctions.
In an exclusive interview with the BBC, Jin-su disclosed that he earned around $5,000 monthly, with the majority of his income—estimated at up to 85%—sent back to North Korea. “We know it’s like robbery, but we just accept it as our fate,” he shared, underscoring the desperation stemming from the harsh conditions in his home country, which has faced enduring financial isolation. According to a UN Security Council report, North Korean IT operations generate between $250 million and $600 million annually, with the COVID-19 pandemic acting as a catalyst for remote work and the continuation of these activities.
Jin-su’s experience mirrors that of thousands of North Koreans dispatched abroad primarily to China, Russia, and other regions. In these locations, IT workers are often compelled to conceal their nationality due to sanctions linked to the country’s nuclear ambitions. The proportion of defector accounts correlates predominantly, with Jin-su’s narrative confirming findings in UN and cyber security reports regarding the North Korean IT workforce’s operations.
To secure employment, Jin-su would pose as a Chinese citizen, strategically using the identities of unsuspecting individuals living in countries such as Hungary and Turkey, often finding more success when applying for positions in the US. He recounted successfully utilizing borrowed identities to gain insights and access from various freelance platforms, often targeting businesses that do not require direct face-to-face interviews.
The illegal operations have prompted attention from authorities; a US court last year indicted 14 North Koreans netting $88 million by extorting American firms. The scrutiny extends to hiring managers, who have begun to detect patterns across applicants indicating potential North Korean affiliations. “It initially felt like a game, trying to spot disguised candidates,” said Rob Henley from Ally Security. Yet, the drain on security checks has heightened as various firms have become wary of unknowingly employing North Korean workers.
While workers like Jin-su adapt to life outside, the vast majority remain in precarious situations, drawn into this covert digital black market due to financial gain despite the severe risks of defection. Jin-su himself noted that, while he now earns less than before, the opportunity to keep a larger share of his income in a safer and legal environment is constant motivation in his life post-defection.
North Korean IT teams’ complex operations continue to pose challenges to global cybersecurity, while the discovery of such practices sheds light on the lengths to which the regime goes to fund itself amidst crippling sanctions. The trajectories of defectors like Jin-su exhibit the dual nature of hardship and defiance as they navigate worlds fraught with significant moral consequences.