North Korea Creates Fake US Companies to Exploit US Job Seekers
At CyberStreams, we protect high-risk industries especially aerospace firms from targeted cyberattacks. One of the most disturbing trends we've seen in recent months involves a deceptive campaign originating from North Korea, targeting unsuspecting U.S. job seekers. These attacks don’t just impact individuals, they’re infecting entire organizations.
The Rise of Fake Employers
Since 2018, North Korean operatives have created fake U.S.-based shell companies, such as Blocknovas LLC and Softglide LLC, using stolen identities and fake registrations to appear legitimate (Reuters, April 2024). These entities pose as tech startups hiring developers for remote work. But their real goal is far more malicious.
Through this operation dubbed the “Contagious Interview” campaign job seekers are lured via convincing LinkedIn messages and fake job boards, with AI-generated profiles and even deepfake video interviews to add credibility. Once engaged, applicants are sent coding assignments or test projects that secretly deliver malware like BeaverTail and InvisibleFerret (Palo Alto Networks, November 2023).
From Job Seeker to Malware Carrier
What makes this campaign especially dangerous is its ability to bypass traditional security protocols. These job seekers unknowingly install malware on their personal devices, which later spreads to their current employer’s network, making them unintentional carriers of a cyber infection.
And the threat is real: in 2024 alone, more than 100 devices were infected using this method, resulting in the theft of sensitive data, including source code and crypto wallets (Zscaler, November 2024).
Why This Threat Matters for Aerospace Firms
These attacks aren’t just random, they’re strategic. North Korea’s goal is to steal intellectual property and fund weapons programs, and they’re targeting industries rich with sensitive data. For aerospace companies, a single malware infection could compromise years of proprietary designs and research.
In addition, malware originating from these schemes can threaten CMMC compliance, putting DoD contracts and national security at risk.
According to IBM X-Force (2025):
43% of breaches result from social engineering
41% of malware attacks are delivered via phishing
That’s a powerful reminder that our greatest vulnerabilities aren’t always software, they’re people.
What Employers and Job Seekers Can Do Now
To help organizations and individuals reduce their risk, here are three key takeaways from this evolving threat:
1. Verify Job Ads
Before applying or interviewing, research the company. Look them up on your state’s Secretary of State or Department of Revenue website. If they were established only months ago but claim years of experience, ask questions. Legitimate employers will understand.
2. Secure Corporate Endpoints
Ensure all devices use Endpoint Detection and Response (EDR) tools to spot and stop malicious behavior, even when disguised as normal code. Organizations should also monitor corporate devices for unauthorized installations or suspicious activity.
3. Train Staff on Social Engineering
Most compliance frameworks require annual cybersecurity awareness training, but that’s just a baseline. At CyberStreams, we go further offering weekly micro-trainings and monthly threat briefings to keep teams alert and informed on emerging tactics.
Conclusion: Don’t Let Your Next Hire Be the Next Risk
Cybersecurity threats are evolving beyond phishing emails and outdated software. The modern threat actor is patient, sophisticated, and increasingly human-facing. What starts as a simple job interview could turn into a breach that costs your company millions, or worse, its reputation.
At CyberStreams, we deliver tailored defenses for high-risk sectors like aerospace, helping firms stay ahead of threats while remaining compliant and secure.
Whether you're hiring, job hunting, or leading a tech team, one thing is clear: caution is no longer optional, it's critical.
