Exposing North Korea – The Hidden Cyber Army You Never Saw Coming
- Boaz Fischer

- Jul 8, 2025
Most people think of North Korea as cut off and isolated. But what if the real threat wasn’t on the border, but already inside your company?
In this eye-opening interview, I speak with Michael Barnhart, author of DTEX’s explosive new report: “Exposing DPRK’s Cyber Syndicate and Hidden IT Workforce.”
We uncover how North Korean operatives are posing as freelance remote IT workers, gaining access to trusted corporate environments, and using that access to steal data, bypass sanctions, and fund the regime’s weapons programs, all without raising alarm.
Michael breaks down:
- How these operatives forge digital identities and land jobs in unsuspecting Western companies
- What they do once inside, from passive observation to active sabotage / IP theft
- Why this is not just a U.S. or European problem, but is already unfolding in Australia and the Asia-Pacific
- And how AI is now part of their arsenal, accelerating the threat
We ask the big questions:
- How organised is this operation?
- How much of it is desperation vs. loyalty?
- And what happens if we keep ignoring it?
If you think this can’t happen to your business, this interview might change your mind.
You can download your free copy of the report “Exposing DPRK’s Cyber Syndicate and Hidden IT Workforce” here.
Watch now and find out who’s really on your network.
Context Index
01:05 – What exactly is North Korea doing in the world of cyber operations that most people have no idea about?
03:07 – What is the journey of trying to collect this information about North Korea operations?
04:30 – High-level overview of North Korea cyber underworld
07:01 – What’s the process of recruitment into Western companies?
09:39 – How well are Western corporations aware of such threats?
10:45 – How are organisations being targeted? How is it structured?
12:55 – Once a North Korean has managed to get inside an organisation, what are they doing?
14:45 – How do North Koreans share information among themselves and their different operations?
16:16 – How does the North Korean regime recruit capable people internally to perform such nefarious activities?
18:18 – Has a North Korean ever defected? Have they ever turned greedy and decided to leave? What happens to their family?
19:50 – Describe the idea about “survivability” that North Koreans face?
22:35 – Is this a 24 x 7 operation? Is there a shift with different teams?
24:08 – Are they targeting any company that has valuable assets to earn money?
28:20 – How are they using AI?
29:35 – Should we be more concerned given that they are using AI for more malicious activities?
30:30 – How close are we to seeing it shift from covert to overt types of attacks?
32:20 – What is the purpose of this report?
33:35 – What are you hoping the organisations and corporations take from this report?
34:40 – What is the cost of doing nothing?
36:20 – Where do you see North Korea and its operations being in the next five years?
37:25 – What activities and actions should we be doing moving forward?
38:30 – What is the key takeaway from this report?
Michael “Barni” Barnhart Bio:
Michael “Barni” Barnhart is a seasoned intelligence and cybersecurity professional with 20 years of experience across human intelligence (HUMINT), signals intelligence (SIGINT), and cyber threat operations. He currently serves on DTEX’s Insider Intelligence and Investigations (i³) team, focusing on nation-state insider threats. Prior to DTEX, Barni led threat hunting operations related to North Korea (DPRK) at Google Mandiant, where he conducted in-depth research on APT43, APT45, and the broader DPRK IT worker threat. His career began in the U.S. Army following 9/11, where he trained in interrogation and intelligence operations and deployed to Iraq, working alongside Joint Special Operations Command (JSOC). Afterward, he conducted SIGINT operations both overseas and domestically, then transitioned to cybersecurity roles including leading global cyber investigations for the U.S. Senate. At DTEX, Barni applies his deep understanding of adversary tradecraft to strengthen the platform’s insider risk detection capabilities, with a focus on identifying and mitigating infiltration efforts by state-sponsored actors.