Microsoft Wipes Thousands Of North Korean IT Worker Fraud Accounts Amid Rising Crypto Hacks

- Microsoft Threat Intelligence, a security division of the $3.7 trillion tech giant, suspended 3000 Outlook and Hotmail accounts.
- To warn users, Microsoft noted the IT workers are now using artificial intelligence.

Meghna Chowdhury

Microsoft Threat Intelligence, a security division of the $3.7 trillion tech giant, suspended 3,000 Outlook and Hotmail accounts this week across its global email services. The accounts were tied to covert operatives in a North Korean IT worker conspiracy that infiltrated hundreds of Fortune 500 firms.

Disrupting the IT Worker Conspiracy

Fortune reported that Microsoft calls the operation “Jasper Sleet.” According to its Threat Intelligence team, North Korea has trained IT workers to win remote jobs using stolen or fake identities. 

These workers log in through “laptop farms” in the U.S. and abroad, often handled by unwitting accomplices. Once inside corporate networks, they can gather data or open doors for more dangerous hackers.

By suspending 3,000 known email accounts, Microsoft aims to cut off one of the scheme’s key tools.

Rising Crypto Hacks and New Malware

The takedown comes as crypto hacks surge, with many traced back to North Korean groups. Cybersecurity firm Sentinel Labs reported a new malware called NimDoor. Unusually, it is written in the Nim language, making it hard to detect on Apple macOS systems. 

North Korean hackers use this tool to slip into crypto firms and steal wallet keys or credentials. Microsoft’s move signals a broader effort to protect both traditional companies and emerging digital‑asset platforms.

Coordinated Law Enforcement Response

Microsoft’s action coincided with a U.S. Department of Justice operation. The DOJ seized hundreds of laptops, closed nearly two dozen websites and froze 29 financial accounts. 

Agents raided 29 laptop farms in multiple states. Some Americans rented out their identities or hosted the laptops. In Maryland, a nail salon worker admitted he held 13 remote jobs that North Korean IT staff actually performed, earning almost $1 million in the process.

Advanced Tactics with AI

As part of its warning, Microsoft noted the IT workers are now using artificial intelligence. They polish resumes, fix language errors and even touch up photos. The team has not yet seen combined AI voice and video, but it is only a matter of time. 

If hackers learn to mimic voices or faces during job interviews, they could bypass current detection methods. Dallman, a Microsoft spokesperson, said the company is tracking these AI‑driven efforts and will take down new persona accounts as they emerge.

Emerging Threats in Crypto Hiring

Another threat actor linked to North Korea has rolled out a Python remote access trojan. This malware steals crypto wallet credentials and password manager data from job seekers in the digital‑asset sector. 

By targeting applicants, hackers aim to turn the hiring process into a hunting ground for sensitive keys. The trojan shows how the IT worker scheme feeds more malicious campaigns that have stolen billions in cryptocurrency.

Funding Pyongyang’s Weapons Programs

UN estimates put the IT worker scheme’s revenue at up to $600 million per year. The funds and stolen crypto help finance North Korea’s nuclear weapons and missile development. 

The FBI and DOJ both warn that proceeds from cybercrime are critical to the regime’s military agenda. Stopping these schemes is therefore not just a corporate security issue, but a matter of national and global safety.

Microsoft’s latest takedown highlights the growing complexity of cyber threats linked to North Korea. By combining email suspensions with law enforcement raids and close monitoring of AI‑driven tactics, the company and its partners aim to cut off key revenue streams and protect thousands of firms.
