Polyguard

North Korean Spies Are Passing Your Identity Checks

Background checks verify documents. Polyguard verifies the actual person, in real time, on camera, with cryptographic proof.

Traditional Identity Verification Was Not Built for State-Sponsored Fraud

Organized DPRK IT worker teams operate with specialized roles

North Korea's IT worker schemes don't fail background checks. They pass them. These are organized teams with dedicated roles for identity fabrication, interview deception, location spoofing, and payment laundering. The person on your video call, the person doing the work, and the person collecting the paycheck may be three different operatives in the same state-backed program.

U.S. government advisories from the Departments of State, Treasury, and the FBI confirm these operations target hiring workflows, not specific industries. If your company hires remotely and pays a salary, you are a viable target.

Your current screening process was designed to catch resume fraud. It cannot detect a coordinated identity operation.

Why Background Checks and Video Interviews Fail

Face-swap attacks defeat visual identity checks

Traditional identity verification trusts documents and appearances. DPRK operations exploit exactly that:

  • Forged and stolen identities: Fabricated employment histories, synthetic personas, and real stolen credentials pass document checks because the documents themselves are convincing.
  • Deepfaked video interviews: AI-generated face swaps and real-time video manipulation defeat visual identity matching during live calls.
  • Location spoofing: VPNs, virtual private servers, and laptop farms in third countries mask the operative's true location.
  • Role separation: The interviewer never meets the worker. The worker never touches the payment. No single point of failure for the operation.

Each layer of deception is handled by a specialist. That is why no single check (not a background screen, not a live interview, not IP geolocation) catches the fraud on its own.

How Polyguard Closes These Gaps

Polyguard does not replace your hiring process. It adds a verification layer that state-sponsored operations cannot defeat.

1 Mobile Verification iOS + Android + SDK Fused identity verification 2 Integrations Meetings Zoom Teams Outlook Help Desk ServiceNow Jira Anything SDK & APIs 3 Records Polyguard Backend APIs Proofing Services Certificates Audit Logs & Affidavits

Cryptographic Document Verification. NFC chip reading extracts the cryptographic signature embedded in government-issued identity documents, not a visual scan, not OCR. The chip's digital certificate is verified against issuing-country certificate authorities. Forgery is cryptographically impossible.

Real-Time Facial Recognition. PG-Presence confirms that the person on camera matches the person on the verified document, continuously, not just at a single checkpoint. Deepfakes, face swaps, and replay attacks are detected and blocked in real time.

Device and Location Attestation. Polyguard verifies the integrity of the device being used (blocking emulators, virtual cameras, and compromised environments) and confirms the operative's actual physical location through device-level attestation, not IP geolocation that can be spoofed with a VPN.

Fused Identity. Multiple identity factors (person, document, device, location) are bound together into a single cryptographic proof. Every factor must be simultaneously valid. Defeating one factor does not compromise the others.

Audit-Ready Evidence. Every verification produces a signed transaction affidavit: litigation-ready documentation for regulators, investigators, and compliance teams. If OFAC comes asking, you have cryptographic proof of who was verified, when, and how.

Verification Before Access, Not After Discovery

Most companies discover DPRK IT worker infiltration months after onboarding, often only when law enforcement makes contact. By then, the operative has had system access, earned wages that fund sanctioned programs, and created liability that cannot be undone.

Polyguard shifts verification to before the first interview. The candidate proves their identity through their own device before any access is granted. No verification, no meeting.

Stop hiring ghosts. Start verifying people.

Learn More

Book a Demo

See how Polyguard verifies identity across every interaction.

$20M per incident [1]

Conservative estimate for a single DPRK IT worker at a mid-cap company

100% of the Fortune 500 [2]

Have unknowingly employed at least one DPRK IT worker

704% Surge [3]

In face-swap attacks used during remote hiring

Strict Liability [4]

OFAC penalties apply even when hiring is unintentional