Threat Vector | The Billion Dollar Hiring Scam Funding North Korea

dmoulton — Thu, 26 Feb 2026 17:00:00 GMT

Evan Gordenker, Director of AI Security and DPRK Operations at Unit 42, has led more than 160 investigations into sophisticated threat actors, including the North Korean IT worker networks quietly embedded inside global companies. He joins David Moulton to unpack how this operation actually works, why common assumptions about remote work leave organizations exposed, and what security and HR teams can do to detect and disrupt it.

You'll learn:

How DPRK operatives use deepfakes, fabricated identities, and real accomplice networks to pass interviews and land jobs at global companies
Why "we don't hire remote" is a dangerous assumption that no longer holds
What signals HR and SOC teams should look for, before and after someone is hired
How the threat has evolved from quiet wage theft to active extortion of former employers
What government collaboration and cross-border intelligence sharing can realistically accomplish

Evan contributed to the UN Sanctions Monitoring Team report on North Korean operations and brings a rare combination of technical depth and geopolitical fluency to this problem. Having lived and worked across the US, EU, and Japan, he brings cultural context that matters when investigating a threat with global reach. His investigations have produced some of the most detailed profiles of DPRK operators in the security community.

This episode is essential listening if you're: a security leader building out your insider threat program, an HR or talent acquisition leader who hasn't yet connected with your security team, or a threat intelligence analyst tracking how nation-state programs fund themselves.

Related Episodes:

From Code to Compromise — Covers North Korean threat actors using fake job interviews to target developers via malicious IDE extensions. A strong companion to this episode's look at the broader IT worker scheme.
Inside the Mind of State-Sponsored Cyberattackers — A deeper look at how nation-state operations are structured and why they're so hard to disrupt.

Join the conversation on our social media channels:

Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/
Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠
Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠
LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠
YouTube: @paloaltonetworks
Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠

article Threat Vector | The Billion Dollar Hiring Scam Funding North Korea in Threat Vector

Threat Vector | The Billion Dollar Hiring Scam Funding North Korea