AI deepfakes and fraudulent candidates: A compliance…
Over 130 US companies were tricked into hiring North Korean IT workers using synthetic identities and deepfakes to infiltrate corporate systems
- Incident date
- Mar 2025
- Target
- US companies
The US Department of Justice recently revealed that more than 130 US companies were deceived into hiring North Korean IT workers who utilized synthetic identities to secure remote roles. This scheme highlights a growing operational and legal threat where deepfake video overlays and AI-fabricated résumés are used to infiltrate corporate networks and funnel salaries back to the regime.
What happened
This years-long campaign involved skilled operatives using stolen or synthetic identities to land remote positions. The strategy frequently utilized "laptop farms" to manage the work, with one Arizona facilitator sentenced to eight and a half years for generating over $17 million in illicit salary payments. Amazon reported blocking more than 1,800 suspected North Korean applicants, noting a 27% quarter-over-quarter rise in attempts during 2025. These fraudulent hires aim to gain network access, trade secrets, or a foothold for ransomware.
The FBI has warned that contract IT work is a primary infiltration pathway. Once hired, a single fraudulent worker can expose companies to data breaches, sanctions violations under the Office of Foreign Assets Control, and significant reputational damage. Detection of these individuals is complicated by the need to navigate evolving state regulations, such as New York City’s Local Law 144 and California’s Civil Rights Council regulations, which govern the use of AI in hiring and bias audits.
Security professionals and staffing firms are now advised to harden identity verification processes by requiring live, unobscured video interviews and performing real-time authenticity checks. Organizations are also encouraged to ship equipment only to addresses that match government-issued identification and to develop incident-response plans specifically for deepfake-related hiring risks.