Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Rubrik: North Korea's Covert IT Workforce Infiltration Campaign

Rubrik
07/09/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


On paper, they're the dream hire. Skilled, low maintenance, always remote, and often affordable. They were some of their best workers. It's like the perfect candidate, and we have to tell them, yeah, I know they are. They wrote it that way. It's all fake. They're taking jobs at Fortune 500s in entertainment, ag, tech. We've even found them inside U.S. government agencies, defense contractors. One even popped up at a nuclear utility. But strange things are happening. The person not wanting to be on camera. That person doesn't quite look right. There's a pause after each question. They're using some sort of chat bot to answer questions. Employers are waking up to a deeply unsettling realization. Their employee is not who they claim to be. And they were actually good engineers. You really were hiring an engineer, and you thought you were hiring them for one thing, and you just happened to be hiring them to do something else on the side, like steal your stuff. We decided at the end of that interview, we all got together and said, I think one of the North Koreans has interviewed for a job with us. Do you think there are big security risks with ION? So, uh. We like our enemies simple, a hermit kingdom with questionable haircuts. But caricature has a cost. Never underestimate North Korea. Once they've decided to do something, they will figure out a way to do it. And the adversary we joke about, it's not actually the one we're up against. Inside government, we started looking at the North Korean cyber program as the Imagineers of cyber. We've underestimated them at every turn. And so for years, we wargamed in this space. What will it look like if a rogue nuclear armed nation decides to attack the United States through cyber means? We all got it wrong, right? And no one anticipated that the first time that that would happen would be over a movie about pot smoking journalists with Seth Rogen in it. The FBI announced today that, and we can confirm that North Korea engaged in this attack. Sony was about revenge. What followed was about revenue. It was like in a movie where you have a bank vault heist, except for there's no mass, there's no hacking into the camera, there's no getaway cars. There's just guys at keyboards, you know, and it's just amazing for a nation state to do this. We had never up until this moment seen a nation state steal cold hard cash from another country. Last year, we had a nation state attacking the country of Bangladesh and just stealing their money. We personally kept about 15 to 25 percent, depending on how much we earned. We can steal money now at the speed of the internet. These are the largest bank robberies in human history. A bank robbery of a million dollars in cash is still headline news. Crypto robbery of a million dollars worth of some token that you've never heard of. That's a Tuesday. The biggest pressure was meeting the required payment quota to superiors. If we fail to meet quotas, even sleep and rest could be restricted. What's the current ballpark figure for how much the DPRK has stolen in cryptocurrency? Kind of our conservative lower bound estimate is around five billion and upper bound is around six, maybe even more than that. These are cyber operators like none we've ever seen, with goals more suited to the Corleones than a nation state. So just think of them as a very rich family that is half Mafia Don, half Joseph Stalin. And that's their goal, survival and money. You've seen North Korea in some ways become the world's largest bank robber. This is a criminal cyber startup and these guys are crushing it. And now? I remember telling people IT workers in a room and nobody knew what the heck I was talking about. When I talk about it now, everybody's already had an experience with it. They are going to turn that insider access into an insider threat position. So an employee can become a foothold to follow on operations. These IT workers are absolutely everywhere. Really what we have now is a worldwide chess game and they've put all their pieces in place. Now, if push comes to shove, you have thousands and thousands of organizations at your disposal that you can start blowing up from the inside. But to pull this off at scale requires pawns. And that, that may be their most clever move of all. Convincing Americans, witting or not, to help them set the board. Okay, let's see.

TL;DR

  • Thousands of North Korean IT operatives have infiltrated American companies — including Fortune 500s, defense contractors, and a nuclear utility — posing as legitimate remote employees to fund the DPRK's nuclear program.
  • North Korea's cyber capabilities have evolved from the 2014 Sony hack through massive cryptocurrency bank heists, with conservative estimates placing total stolen funds between five and six billion dollars.
  • The insider threat is now the primary concern: these embedded IT workers can convert their privileged access into a coordinated attack vector across thousands of organizations simultaneously.

Summary

This trailer previews 'To Catch a Thief: North Korea On Our Payroll,' an investigative podcast co-produced by Rubrik and hosted by Nicole Perlroth, bestselling author and former New York Times cybersecurity reporter. The series exposes a sophisticated and large-scale operation in which thousands of North Korean IT operatives have embedded themselves inside American companies — Fortune 500 firms, entertainment studios, agricultural businesses, tech companies, U.S. government agencies, defense contractors, and even a nuclear utility — posing as legitimate remote workers. These operatives present as ideal candidates: skilled, low-maintenance, and affordable. In reality, they are funneling wages and stolen funds back to the DPRK regime to finance its nuclear weapons program. The trailer traces North Korea's cyber evolution from the 2014 Sony hack — described as an act of revenge — through audacious nation-state bank heists that experts estimate have netted between five and six billion dollars in cryptocurrency. Now the threat has shifted: rather than purely stealing money, North Korean IT workers are leveraging insider access to position themselves as latent threats inside thousands of organizations simultaneously, creating what one source describes as a 'worldwide chess game' with pieces already in place.

Chapters

0:00 - The Perfect Fake Hire
0:38 - Cracks in the Cover
1:27 - Underestimating North Korea
2:24 - From Sony to Bank Heists
3:41 - The Insider Threat Endgame

Key Quotes

0:17 "It's like the perfect candidate, and we have to tell them, yeah, I know they are. They wrote it that way. It's all fake."
1:34 "Never underestimate North Korea. Once they've decided to do something, they will figure out a way to do it."
3:03 "We can steal money now at the speed of the internet. These are the largest bank robberies in human history."
3:33 "Kind of our conservative lower bound estimate is around five billion and upper bound is around six, maybe even more than that."
4:19 "They are going to turn that insider access into an insider threat position. So an employee can become a foothold to follow on operations."
4:37 "Really what we have now is a worldwide chess game and they've put all their pieces in place."

FAQ

What is 'To Catch a Thief: North Korea On Our Payroll' and who produces it?

It is an investigative podcast co-produced by Nicole Perlroth and Rubrik in partnership with Pod People. Perlroth, a bestselling author and former New York Times cybersecurity reporter, hosts the series, which investigates how North Korean IT operatives have infiltrated American companies and government agencies.

How are North Korean IT workers getting hired, and why is it hard to detect them?

They present as highly skilled, low-maintenance, and affordable remote candidates — often described as ideal hires. Detection is difficult because they are genuinely competent engineers. Red flags include reluctance to appear on camera, unnatural pauses during interviews, and apparent use of AI chatbots to answer questions in real time.


Categories:
  • » Webinar Library » Rubrik
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Threat Intelligence
  • Security Operations
  • OT
  • IoT Security
  • Thought Leadership
  • Executive Briefing
  • North Korea cyber operations
  • Insider threat
  • IT workforce infiltration
  • DPRK cryptocurrency theft
  • Nation-state cyber threats
  • Remote worker fraud
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Rubrik: North Korea's Covert IT Workforce Infiltration Campaign

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Effective Data Privacy and Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Worthy Security Team for Unmatched Defense

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        22

                        Insights and Strategies for Effective Data Privacy and Protection

                        07/22/202606:30 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version