Microsoft has taken action against approximately 3,000 Outlook and Hotmail accounts linked to North Korean IT workers as part of a coordinated effort to combat a sophisticated global fraud scheme. The tech giant’s Threat Intelligence Center identified the operation, dubbed “Jasper Sleet,” which has infiltrated hundreds of Fortune 500 companies in recent years.

The scheme involves North Korean IT workers using fabricated or stolen identities to secure remote jobs in tech companies worldwide. These workers, trained and dispatched by the Democratic People’s Republic of Korea (DPRK), have successfully obtained legitimate employment, with some companies reporting that the remote workers were among their most talented employees.

DOJ Seizes Laptops and Shuts Down ‘Laptop Farms’ Across the US

The Department of Justice announced a coordinated takedown alongside Microsoft’s account suspensions, seizing hundreds of laptops, 29 financial accounts, and shutting down nearly two dozen websites. Law enforcement searched 29 “laptop farms” across the United States, where accomplices—including Americans—agreed to maintain laptops shipped by companies that unknowingly hired North Koreans for remote positions.

A notable case involves a Maryland nail salon employee who will be sentenced in August after being found to hold 13 remote jobs handled by North Korean IT workers located in China. These positions paid nearly $1 million combined.

AI Tools Help Workers Evade Detection in $600 Million Scheme

The North Korean IT worker conspiracy generates up to $600 million annually, according to UN estimates. The revenue funds Kim Jong Un’s nuclear weapons program, making cybersecurity a national security issue.

Microsoft reports that the workers are increasingly using AI tools to improve their deception tactics—eliminating grammatical errors, enhancing photos, and experimenting with voice-changing software. The company has developed custom machine-learning solutions using “impossible time travel risk detections” to identify suspect accounts logging in from Western nations and China or Russia simultaneously.

While Microsoft hasn’t observed combined AI voice and video technology yet, the company warns this could allow future threat actors to conduct interviews directly without relying on facilitators.