North Korean “remote workers” also targeting Hungarian companies – but they’re actually hackers

In recent months, North Korean hacker groups have resurfaced, attempting to infiltrate foreign companies while posing as remote workers.

According to the Google Threat Analysis Group, this phenomenon has already reached several European countries –including Hungary. The attackers apply with fake identities for IT positions, and companies often have no idea who they are really dealing with.

Remote workers who seem legitimate

Researchers at cybersecurity firm Sophos warn that most candidates with North Korean backgrounds claim to be IT developers or system administrators living in other Asian countries. At first glance, these profiles appear completely legitimate, with polished LinkedIn pages, years of “built-up” portfolios, and references often stolen from real companies.

Their technical skills are usually genuine – the applicants can handle real tasks. The problem is that their identities are fabricated, and their goal is not to earn a salary but to gain access to corporate systems.

“Many organizations now hire internationally, and identity verification in remote recruitment processes is often insufficient. This poses a serious risk, as even sanctioned individuals could gain access to company systems,” warns Gábor Szappanos, cybersecurity expert at Sophos.

The situation has become especially concerning because attackers now use far more sophisticated methods than a few years ago. Applicants often present carefully crafted, AI-generated online profiles, appearing as ordinary remote workers. Their true backgrounds, however, are well disguised – which is why Sophos emphasizes that HR processes must become an integral part of corporate cybersecurity.