Flare and IBM X-Force Expose North Korea’s IT Worker Fraud Infrastructure

  • Flare and IBM X-Force released joint research on March 18, 2026, detailing North Korea’s IT worker fraud operations.
  • The report identified internal platforms like ‘RB Site’ and ‘NetkeyRegister’ used to manage North Korean IT workers.
  • Western collaborators help North Korean operatives secure jobs by using their identities and completing hiring paperwork.
  • North Korean IT workers operate as full-time remote professionals, not forced labor, with structured workflows and communication patterns.
  • The operations span multiple DPRK entities, including state bodies, party organizations, and front companies.

North Korea’s IT worker fraud operations represent a growing cybersecurity threat, leveraging remote work trends to extract revenue. The report highlights the need for coordinated action across HR and security teams to prevent infiltration. This threat is part of a broader trend of state-sponsored cyber activities targeting global businesses, requiring heightened vigilance in hiring and identity verification processes.

  • Operational Scale: How the pace of North Korean IT worker infiltration will evolve as organizations adopt the report’s mitigation strategies.
  • Regulatory Response: Whether governments will introduce stricter identity verification laws for remote hiring processes.
  • Corporate Adaptation: The effectiveness of Flare’s and IBM X-Force’s recommended mitigation strategies in preventing future infiltrations.