North Korean IT Worker Unmasked After Refusing to Insult Kim Jong Un in Job Interview

Home Cyber Security North Korean IT Worker Unmasked After Refusing to Insult Kim Jong Un... A viral video circulating in cybersecurity and crypto circles has exposed a novel and surprisingly simple technique for unmasking North Korean state-sponsored IT workers attempting to infiltrate Western organizations: asking them to insult their Supreme Leader. The footage shows a job candidate, Taro Aikuchi, a Japanese national, identifying himself and refusing to repeat the phrase about Kim Jong when prompted by an interviewer. The candidate’s visible discomfort and flat-out refusal to comply with the seemingly absurd request immediately raised red flags, ultimately leading to his unmasking as a North Korean operative working under a fabricated identity. The clip, shared by researcher @tanuki42_ on X, has since drawn significant attention from security professionals and hiring managers across the crypto and decentralized finance (DeFi) space sectors that have been disproportionately targeted by Pyongyang-linked hacking groups such as Lazarus Group and TraderTraitor. HERE IS A VIDEO OF A NORTH KOREAN IT WORKER BEING STOPPED DEAD IN THEIR TRACKS UPON BEING REQUIRED TO INSULT KIM JONG UN. IT WON'T WORK FOREVER, BUT RIGHT NOW IT'S GENUINELY AN EFFECTIVE FILTER. I'M YET TO COME ACROSS ONE WHO CAN SAY IT. HTTPS://T.CO/8FFVPXNM8X PIC.TWITTER.COM/KXI5EFMO5L — tanuki42 (@tanuki42_) April 6, 2026 The Test Turns Effective North Korea’s IT worker scheme is not new. The U.S. Department of Justice and DPRK-focused threat intelligence teams have repeatedly warned that North Korea deploys thousands of IT workers abroad or remotely using stolen or fabricated identities to secure employment at technology companies. Once inside, these operatives either generate revenue for the regime, exfiltrate proprietary data, or plant backdoors for future exploitation. The crypto and DeFi industries have been prime targets due to their remote-first hiring cultures, pseudonymous norms, and the potential for direct access to digital assets. High-profile incidents, including the $1.4 billion Bybit hack attributed to Lazarus Group in early 2025, underscore just how damaging successful infiltration can be. While unconventional, the interview technique exploits a well-understood psychological reality: North Korean operatives live under extreme ideological conditioning, and criticizing Kim Jong Un even fictitiously in a private setting poses a genuine internal barrier. Several DeFi protocols and Web3 startups have already cited this method as a supplementary screening layer alongside standard identity verification, background checks, and document authentication. Security researchers caution that this should not be a standalone control. Sophisticated actors may adapt over time. Robust defenses still include video-verified identity checks, government ID cross-referencing, IP and VPN detection, and behavioral monitoring post-hire. Still, the Taro Aikuchi incident serves as a stark reminder that human behavioral signals, however low-tech, can cut through layers of digital deception in ways that automated tools sometimes cannot. The video has been widely shared as both a cautionary tale and a darkly humorous addition to the modern threat intelligence playbook. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Bug Bounty Google’s Bug Bounty Program Hits All-Time High With $17 Million in 2025 Payouts Apache Apache Traffic Server Vulnerabilities Let Attackers Trigger DoS Attack Cyber Security News Critical Dgraph Database Vulnerability Let Attackers Bypass Authentication Top 10 Top 10 Best User Access Management Tools in 2026 April 4, 2026 Top 10 Best VPN For Chrome in 2026 April 4, 2026 20 Best Application Performance Monitoring Tools in 2026 April 3, 2026 Top 10 Best VPN For Linux In 2026 April 3, 2026 10 Best VPN For Privacy In 2026 April 2, 2026