Practical guides to protect yourself, your family, and your business from AI-driven scams, deepfakes, and emerging cyber threats.
A researcher with no deepfake experience, a five-year-old computer, and a graphics card bought in 2020 set out to see how hard it would be to fake a human face in a live job interview. It took 70 minutes. Using free software and an AI-generated face from a site that invents people who do not exist, they built a synthetic identity convincing enough to sit across from a hiring manager on a video call and answer questions in real time.
That demonstration, published by Unit 42, the threat research arm of Palo Alto Networks, is not a thought experiment. It maps almost exactly onto a fraud scheme that has placed North Korean operatives on the payrolls of hundreds of Western companies. On June 8, 2026, the law firm Skadden pulled together the recent wave of U.S. enforcement actions against the scheme, and the picture it paints should change how your company treats a routine video interview.
The operation is simple in outline and disciplined in practice. North Korea trains skilled IT workers, issues them fabricated identities, and has them apply for remote software, design, and support roles at companies in wealthier countries. Their wages, often drawn from several jobs held at once, flow back to the regime, where the United Nations estimates the program raises between 250 million and 600 million dollars a year to fund sanctioned weapons and ballistic missile work. Operatives are active in more than 40 countries.
The part worth understanding is how they clear the interview and the laptop. During the interview they run a real-time deepfake: a face-swap model takes the operative's live webcam feed and paints a different, AI-generated face over it, fed into Zoom or Teams through a virtual camera (software that impersonates a real webcam). This lets one person interview for the same role repeatedly as different people, and keeps their actual face off the FBI's wanted notices. Once hired, the company ships a laptop to a U.S. address. That address is a laptop farm, a facilitator's home where the machine sits plugged in and running so the operative can reach it remotely through tools like AnyDesk or TeamViewer over a VPN, making each login look domestic. To carry several jobs at once, they lean on AI coding assistants to turn out work that is just good enough to avoid a second look.
The concrete damage is already on the record: stolen source code, triggered data breaches, and hundreds of millions of dollars a year delivered to a sanctioned weapons program. The harder question for your organization is where the exposure sits. Prosecutors treat the companies that hired these people as victims, but a victim still pays for the forensic investigation, the breach notifications, and the legal review, and may carry sanctions exposure depending on what the operative was able to touch. The shift to name in your next planning meeting is that the video interview, long run as an HR formality, has quietly become an identity check your security team has a stake in. Seeing a face on the call is no longer proof of who you hired. The trend runs one way: the 70 minutes it takes to build a passable fake will keep shrinking, and the tools that detect deepfakes lag behind the tools that make them.
This scheme works because it attacks the one place most security programs never watched: the hiring funnel. A generated face clears the interview, a stranger's spare room stands in for a U.S. address, and an AI coding assistant passes for competent work. None of it requires breaking your firewall, because you opened the door and issued the badge yourself. Bring one question to your next hiring review. If the next promising remote engineer your team interviews were a real-time deepfake fronting for a sanctioned regime, is there a single step in your process that would catch it before the laptop ships?


