For the past decade, North Korea has engaged in a wide-ranging effort to place remote workers at U.S. companies in order to funnel money back to its coffers and, in some cases, steal sensitive information.

When one American cybersecurity company became suspicious of an applicant, it set a trap that would uncover the inner workings of the multimillion-dollar employment scheme. Over a roughly three-month investigation, it found an apparent network of at least 20 North Koreans who had collectively applied to at least 160,000 roles.