IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Flux result 4b7be8d2 61e2 4407 af1c 1088978c23b7
#
HCM
#
Advanced Persistent Threat Protection
#
Physical Security

North Korean operatives target Australian jobs, DTEX warns

Wed, 1st Apr 2026
Author image
By Shannon Williams, News Editor

DTEX has identified North Korean operatives seeking jobs at Australian companies under false identities. One suspected operative was exposed during a staged remote interview shown on Australian television.

The case formed part of a wider warning that covert IT workers linked to Pyongyang are using overseas employment to generate money for the regime while seeking access to business systems and data. DTEX said the effort spans multiple countries and industries.

A television investigation brought the issue into public view, showing a suspected facilitator linked to known Democratic People's Republic of Korea schemes appearing in an interview for an Australian development role. The programme also included comments from Australian Security Intelligence Organisation Director-General of Security Mike Burgess.

DTEX said it had been tracking the threat since early 2025, when it published research on what it described as a hidden DPRK-linked IT workforce. That research said the activity was not limited to the United States and outlined indicators employers could use to screen applicants.

Among those indicators were email addresses linked to suspected operatives. Using that list, DTEX identified 87 unhired applicants.

DTEX estimates DPRK-linked IT workers generate about AUD $864 million a year worldwide. It said the true figure could be higher because of the scale of the networks involved.

Evolving Tactics

Investigators said the methods used by fraudulent applicants are becoming harder to detect as generative AI tools become more common in recruitment and remote work. According to DTEX, operatives are using AI to create more convincing CVs and online profiles, making false candidates appear more credible before interviews begin.

DTEX also pointed to deepfake imagery, voice synthesis, AI-enabled noise cancellation, accent-softening tools and real-time response aids as methods that can be used during remote interviews to disguise identity. In some cases, operatives work through subcontractors or third-party firms to gain indirect access to larger organisations.

That raises the risk beyond payroll fraud. Once hired, such workers may be able to access sensitive systems, proprietary data, intellectual property and supply chain relationships tied to essential services, DTEX said.

The warning comes as many Australian employers continue to recruit technical staff through remote processes and international talent pools. While those hiring models have widened access to labour, they have also reduced the value of traditional face-to-face checks and made identity verification more complex.

Security specialists have increasingly warned that insider threats can begin before an employee joins an organisation, particularly when recruitment teams are under pressure to fill software and technology roles quickly. Remote contracting arrangements can add another layer of opacity if work is routed through agencies or smaller service providers.

For Australian companies, the issue touches both corporate governance and national security. A worker who enters an organisation under a false identity may be able not only to earn income but also to gather information, test internal controls or create a route into customer and supplier systems.

"These are not ordinary job applicants," said Mohan Koo, President and Co-founder of DTEX. "This is a state-linked operation designed to get people inside real businesses, generate money for the regime and create opportunities for further compromise. Australian organisations need to treat this as both an insider threat and a national security issue."

DTEX warns the tactics are evolving quickly and becoming harder for employers to detect. Investigators are seeing AI used to create more convincing résumés and online profiles, making fraudulent candidates look more legitimate from the outset.

Remote screening is also getting harder: deepfake imagery, voice synthesis, AI-enabled noise cancellation, accent-softening tools and real-time response aids can all help disguise identity and make traditional checks less reliable. In some cases, operatives also use subcontractors or third-party firms to gain indirect access to larger organisations.

"Australian organisations need expert capability to catch risk early, especially in the growing space between human and AI-enabled activity," Koo said.

"Better identity verification, stronger screening and awareness of known indicators can help stop these operatives before they are hired. But if they get in, employers need to detect unusual behaviour quickly and respond before access is used to steal data, misuse systems or compromise the wider supply chain."

Related stories
Protegrity launches AI Team Edition for secure inferencing
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Testlio launches AI chatbot testing service amid scrutiny
Dropbox launches three apps inside ChatGPT for work

Top stories

TestRail launches AI test script generation in beta
FIRST conference highlights AI & CVE disclosure push
OpenAI expands Codex with desktop & workflow tools
OpenAI launches GPT-Rosalind for life sciences research
Mirantis integrates NVIDIA Run:ai to speed AI deployment