Microsoft Axes 3,000 NK Spy Accounts in Major Crackdown

Key Points:

• Microsoft targets global scam by removing 3,000 fake accounts linked to North Korean IT workers.
• DOJ seizes laptops, shuts websites in crackdown on DPRK-linked fraud targeting U.S. companies.
• North Korean operatives used AI tools to fake identities and land high-paying remote tech jobs.

Microsoft Axes 3,000 NK Spy Accounts in Major CrackdownMicrosoft has suspended 3,000 Outlook and Hotmail accounts linked to North Korean IT operatives posing as freelance workers. The company’s Threat Intelligence division made the move as part of a broader campaign to disrupt what it calls a global fraud scheme.

Source: HashChain/XAccording to Microsoft, the operatives infiltrated hundreds of Fortune 500 firms using stolen or fabricated identities. In a statement to Fortune, Jeremy Dallman, senior director at the Microsoft Threat Intelligence Center, said,

“Beyond the 3,000 consumer email accounts that were recently taken down, Microsoft has continued to takedown persona accounts as they are identified.”

Coordinated Action With Law Enforcement

The U.S. Department of Justice supported the crackdown with a coordinated enforcement action. Authorities seized laptops, closed 29 financial accounts, and took down nearly two dozen websites. Law enforcement also raided 29 “laptop farms”—locations in the U.S. where accomplices maintained devices used by North Korean IT workers operating remotely.

In one case, a Maryland resident working in a nail salon was found to be holding 13 remote jobs that were executed by North Korean nationals based in China. These roles reportedly paid out nearly $1 million.

How the Scheme Operates

The North Korean scheme involves trained IT professionals from the Democratic People’s Republic of Korea who apply for global tech jobs under false identities. While the workers often perform legitimate tasks, Microsoft stated that some companies even reported them as “some of their most talented employees.”

The U.N. estimates the operation generates up to $600 million annually. The FBI and DOJ believe the revenue supports North Korea’s weapons programs. These workers are also said to share information with hackers responsible for large-scale cryptocurrency thefts.

AI Use and Evolving Tactics Raise Concerns

Microsoft confirmed that the operatives are now using AI tools to enhance their deception. They rely on software to polish job applications, swap faces on profile images, and mask accents using voice changers.

“We do recognize that combining these technologies could allow future threat actor campaigns to trick interviewers,” Microsoft warned

The company says these methods could make it easier for operatives to bypass traditional screening during job interviews.

Microsoft also developed a machine-learning tool to flag suspicious activity, including what it calls “impossible time travel risk detections,” which monitor login attempts between regions like the U.S. and China or Russia.

The company says it is continuing to track the activity under the internal name “Jasper Sleet.”

| | | --- | | DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |