By Sean Lyngaas, CNN

(CNN) — North Korean operatives created a fake job-application platform targeting applicants to major US artificial intelligence and crypto firms as part of a new effort to steal money and know-how for the Kim Jong Un regime, researchers said on Thursday.

It’s a twist on a yearslong campaign to infiltrate Fortune 500 companies: Instead of simply impersonating employees of those companies, North Korean tech workers are now working to gain long-term access to the computers of applicants before they join a company, according to security firm Validin, which discovered the scheme.

“Going after job seekers gives North Korean actors a huge advantage. Instead of trying to slip past an employer’s defenses, they take over the entire hiring process and make it feel completely legitimate to individuals,” Validin’s chief executive Kenneth Kinion told CNN. “People assume they’re doing a normal coding test or following steps for a promising job opportunity, so they’re far more likely to run whatever the interviewer sends them.”

The fake jobs platform mimics the style and substance of Lever, a headhunting platform that boasts tens of thousands of customers. Among the fictional jobs advertised on the North Korean-built platform are a “product manager” related to Claude, the popular AI model developed by San Francisco-based firm Anthropic.

Anthropic’s technology is in high demand. The firm committed to spending $30 billion on Microsoft’s compute capacity to expand the use of Claude, Microsoft announced this week.

CNN has requested comment from Lever, Anthropic and all the other companies impersonated in the scheme. The North Korean diplomatic mission in London did not immediately respond to a request for comment on Thursday.

“Because many candidates don’t want their current employer to know they’re looking elsewhere, they’re less likely to report anything suspicious, making it even easier for the attackers to slip through unnoticed,” Kinion said.

Kinion, whose team discovered the fake job portal this week, said he wasn’t aware of anyone who has fallen victim to the scheme yet, but many have fallen for past industrial espionage campaigns tied to Pyongyang.

For years, North Korean workers have used fraudulent identities and sometimes passed interview screenings to infiltrate American companies big and small. The workers then send the money back to Pyongyang to support the regime’s rogue weapons program, according to private experts and US officials.

A previous CNN?investigation showed how the founder of a California-based cryptocurrency startup had unwittingly paid tens of thousands of dollars to a North Korean engineer. The entrepreneur was unaware of the situation until the FBI notified him, he said.

North Korean hackers have also stolen billions of dollars from banks and cryptocurrency firms over the last several years, according to reports from the United Nations and private firms. A White House official estimated in 2023 that half of North Korea’s missile program had been funded by cyberattacks and cryptocurrency theft.

A series of US indictments and sanctions has raised awareness of the insider IT worker threat. Pyongyang has evolved its tactics in response, according to experts.

“These operators appear to hold elevated privileges, far beyond what a standard IT worker receives, which is evident from their more malicious activities,” Michael Barnhart, a North Korea-focused researcher at insider threat firm DTEX Systems, told CNN. “This reinforces the notion that these activities are part of a broader, well-integrated ecosystem within North Korea’s cyber operations.”

The-CNN-Wire
™ & © 2025 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.