North Korea’s cyber‑criminals have quietly slipped into the world of architecture – and the fallout could be far scarier than anyone imagined.
For years, Western tech firms have unknowingly hired highly skilled programmers and developers from the Democratic People’s Republic of Korea (DPRK). These covert workers have been paid to build apps, mine cryptocurrency, and even infiltrate Fortune‑500 companies, funneling billions of dollars back to an authoritarian regime that uses the cash to fund nuclear weapons and dodge sanctions. Most people think the scam stops at software, but recent investigations reveal a far more unsettling twist.
A New Front: Fake Architects and Structural Engineers
A deep dive by cybersecurity firm Kela—shared with WIRED—uncovers a network of North Korean operatives posing as freelance architects and civil engineers. The group has been posting 2‑D blueprints and even 3‑D CAD files for U.S. properties, advertising a full suite of architectural services, and even fabricating official‑looking stamps and seals that would normally certify compliance with local building codes.
“These operatives are active not only in technology and cybersecurity but also in industrial design, architecture, and interior design, accessing sensitive infrastructure and client projects under fabricated identities,” Kela writes.
The United Nations estimates that DPRK‑linked IT workers generate $250‑$600 million each year for the regime. Adding architecture to the mix could dramatically widen the scope of illicit revenue streams.
How the Scam Operates – A Step‑by‑Step Walkthrough
Kela’s researchers traced a GitHub account tied to a suspected North Korean network. The profile listed a public Google Drive folder that anyone could download, revealing:
- Hundreds of duplicate or falsified résumés.
- Stock images for profile pictures.
- Detailed personas crafted to win freelance contracts.
- Spreadsheets containing hundreds of email addresses used for outreach.
The files also contained marketing copy promising “licensed architects in every U.S. state,” complete with offers to deliver site plans, structural analysis reports, and stamped construction documents. Some documents even claimed the scammers could secure permits on the client’s behalf.
Example of a pitch: “We can provide you with all construction docs (site plan, structural analysis report, stamp) and we can help you get permission for construction docs.”
The cache also held actual design work: floor plans for decks, farmhouses, custom treehouses, swimming pools, and a request to redraw a restaurant patio. Whether these drawings were ever turned into real‑world structures remains unverified, but past reporting suggests North Korean actors have indeed produced tangible deliverables for other illicit projects.
Real‑World Consequences and Legal Red Flags
In July, Canada’s CBC reported that a Toronto architect’s official seal had been altered and misused by North Korean workers on plans they never authored. The architect confirmed the signature and seal did not match his own, raising alarms about the authenticity of documents circulating online.
Michael “Barni” Barnhart, a leading authority on North Korean cyber threats at DTEX, says the architectural schematics are not just theoretical. “The plans are being used and being built,” he asserts, noting that similar front companies have been set up to give the operation a veneer of legitimacy. He warns that the quality of the structural work is questionable, and safety could be compromised if these designs are implemented without proper oversight.
Barnhart also points out that the scammers have been hired for critical infrastructure projects, and early reviews of their remodels and renderings are often negative. “It’s not like a hypothetical—those physical things do exist out there,” he emphasizes.
Inside the Freelance Funnel – A 24‑Minute Screen Capture
One leaked video shows a scammer creating a freelance profile, claiming to be a “licensed structural engineer/architect in the USA.” The actor selects a stock portrait, uses a Korean‑English translator, and even employs a Social Security number generator to appear legitimate. Within minutes, they begin messaging potential clients with offers like, “I can provide you permit drawing plan set for your residential home design within a few days.”
Pricing appears to range from a few hundred dollars up to about $1,000 per job—an attractive proposition for unsuspecting homeowners or small contractors looking for cheap design work.
Why This Matters – And What You Can Do
The shift from software to architecture shows how adaptable and opportunistic the DPRK’s cyber‑crime syndicate truly is. While many companies are now wary of fake tech résumés, they often overlook freelance marketplaces where design work is posted. The danger isn’t just financial loss; it’s the potential for unsafe buildings, compromised infrastructure, and the further enrichment of a regime that threatens global security.
But here’s where it gets controversial: Some argue that exposing these scams could inadvertently give the North Korean operators more publicity, helping them refine their tactics. Others believe that shining a light on the issue is the only way to protect consumers and businesses.
Join the Conversation
Do you think freelance platforms should implement stricter verification for architects and engineers, or would that stifle legitimate talent? Have you ever encountered a suspicious design offer online? Share your thoughts below—agree, disagree, or add your own experience. The more we discuss, the harder it becomes for these scammers to hide in plain sight.
All names and organizations mentioned are based on publicly available reports and statements from cybersecurity experts. The information presented reflects the latest findings as of October 2025.
