10-09-2024
It has become increasingly common for North Korean cybercriminals to use fake identities to gain access to various organizations through employment. According to a CIO.com article, the FBI has warned of attempts by North Korean IT workers to pose as non-NK nationals to help fund weapons development. In October 2023, the FBI provided guidance on red flags for deep fake job candidates. In May 2024, the Justice Department arrested individuals helping North Korea to breach Fortune 500 companies using stolen American identities. In June 2024, the Wall Street Journal interviewed a CEO who reported stopping “over 50 candidates that were North Korean spies.”
In August 2024, a security firm admitted to unwittingly hiring a North Korean spy. The firm sought a remote software engineer for its internal IT AI team. After going through a typical hiring process that required a resume, four video conference interviews (that matched the application photo), a standard background check, and reference verification, they hired this individual. The company sent a computer workstation to the US address provided. This fake worker immediately uploaded malware. But, the IT security department caught it and shut down access after the employee refused to respond. The fake worker had stolen an American identity and used AI tools to make a stock photo look like a brand-new person, change his voice, and possibly change his image. He had the computer sent to an "IT mule laptop farm" and then used a VPN to mask his location in North Korea (or China).
These kinds of events require organizations to become more robust in their screening efforts. CIO.com recommends that companies look for signs candidates are relying on genAI interview aides, use strong identity verification systems when allowing new user accounts, and consider reverifying existing employees.