Canadian Government Advisory Warned of North Korean IT Workers Using AI-Enabled Deepfake Technology

On July 16, 2025, the RCMP, Public Safety Canada, Global Affairs Canada, FINTRAC, and the Canadian Centre for Cyber Security issued a joint advisory warning that North Korean nationals were using AI-enabled deepfake technologies to secure remote IT positions, posing as legitimate freelancers based in other nations (RCMP, 2025; BNN Bloomberg, 2025).

The advisory warned that operatives use AI-enabled deepfake technology to disguise their appearances during meetings and interviews, and that AI tools are used in the application process (RCMP, 2025). Once employed, the advisory stated, North Korean IT workers may insert passive malware and backdoors into program codes that can collect information, monitor traffic, or facilitate future exploitation (RCMP, 2025). The generated income funds the DPRK regime's weapons programs (RCMP, 2025).

The advisory identified target sectors including mobile and web application development, gaming and online gambling, general IT support, graphic animation, database and online platform development, and hardware and firmware development (RCMP, 2025; BNN Bloomberg, 2025). It noted that small businesses and startups are particularly attractive targets (RCMP, 2025).

Microsoft threat intelligence published a report on June 30, 2025 documenting the activity cluster it designates Jasper Sleet (formerly Storm-0287), describing the evolution of North Korean IT worker tactics including the use of face-swapping tools for identity documents and experimental use of voice-changing software (Microsoft Security Blog, 2025). Microsoft stated it had not yet observed combined AI voice and video products used in interviews but assessed this capability could enable future campaigns (Microsoft Security Blog, 2025).

The advisory referenced aligned advisories from Australia, the Republic of Korea, and the United States addressing the same threat (RCMP, 2025).