What are the chances your company accidentally hired a North Korean hacker? At the RSAC Conference in San Francisco, the FBI and security experts warned that the threat is widespread, despite ongoing efforts to crack down.
“In the last 90 days, we’ve seen over 90 incidents. So you’re looking at about one per day,” said Adam Meyers, Head of Country Adversary Operations at cybersecurity vendor CrowdStrike. “Those are high-paying developer jobs, [so] you’re seeing millions of dollars” flowing to the North Korean regime.
Microsoft security analyst Greg Schloemer echoed that warning. “We continue to see a real high volume of this activity,” he said, despite the FBI and cybersecurity community becoming more vocal about the problem.
“Any organization is a target,” he added. “There may be a misconception that large organizations are particularly vulnerable. But we have seen five-person teams fall victim to this kind of activity.”
While it’s difficult to quantify the threat, “Microsoft is tracking somewhere in the order of thousands of personas and identities that are used by North Korean IT worker operators,” Schloemer said. “So, it’s certainly a high volume operation.”
In addition, uncovering one North Korean IT worker scam can often reveal many others. A year ago, CrowdStrike kicked off an effort to hunt malicious insiders at companies. That investigation discovered 30 organizations victimized by an insider threat that law enforcement had recently uncovered at a defense company.
“Lo and behold, we found every single customer that we spoke to told us it was a true positive,” Meyers said. In some cases, victim companies had ignored signs that they had accidentally hired a North Korean as a remote IT employee for as long as 14 months.
During the RSAC panel, FBI agent Elizabeth Pelker also mentioned facing “200 plus victim notifications” as investigators uncovered more North Korean IT worker schemes last year. The threat has also proliferated with the help of US-based residents. North Koreans will pay these middlemen, who are sometimes unaware that they’re helping malicious hackers, to receive and set up corporate laptops sent from their employers.
“Generally, these individuals have been recruited online to host these laptops, thinking that overseas actors are based in China, and that they’re just doing these guys a favor,” Pelker said. “It starts with maybe one or two laptops, and then we’ll see upwards of 90 laptops at one person’s residence.”
In some cases, the North Korean IT workers perform the bare minimum. But in other cases, they are excellent workers. “More often than not, I always get the comment, ‘Oh, but Johnny is our best performer. Do we actually need to fire him?’” Pelker said.
Hiring North Korean workers poses a grave security threat, of course. Operatives steal confidential data from victim companies with the goal of blackmailing their employers. RSAC panelists warned that the same access and data could be handed off to North Korea’s more elite state-sponsored hackers, who specialize in cyberespionage.
To pull off the scheme, the North Koreans harness generative AI to help them create numerous fake LinkedIn profiles seemingly loaded with real photos and career histories. They can then use elaborate AI-powered deepfakes during video call interviews to change their faces in real-time, said Chris Horne, director of safety and trust at Upwork.
“The people who are actually going through the interview themselves are highly trained, they know exactly the kind of questions they’ll be asked,” he said.
Schloemer said it’s vital that companies scrutinize any employees from third-party recruiting firms, which may have more opaque hiring processes. “Third-party staffing firms are probably the largest vector for these actors to gain access to your organization,” he said.
Meanwhile, Meyers said companies can consider asking during a job interview, “How fat is Kim Jong Un,” to see if the employee is willing to malign the leader of North Korea. “They terminate the call instantly,” he said. “That actually does have some merit when you ask that question.”
About Michael Kan
Senior Reporter
This article was published by WTVG on 2025-04-29 13:25:00