North Korean Spies Posing As Remote Workers Have Infiltrated Hundreds Of Companies, Says Crowdstrike

Researchers astatine information elephantine CrowdStrike opportunity they person seen hundreds of cases wherever North Koreans posing arsenic distant IT workers person infiltrated companies to make money for nan regime, marking a crisp summation complete erstwhile years.

Per CrowdStrike’s latest threat hunting report, nan institution has identified complete 320 incidents complete nan past 12 months, up by 220% from nan twelvemonth earlier, successful which North Koreans gained fraudulent employment astatine Western companies moving remotely arsenic developers.

The strategy relies connected North Koreans utilizing mendacious identities, resumes, and activity histories to summation employment and gain money for nan regime, arsenic good arsenic allowing entree for nan workers to bargain information from nan companies they activity for and later extort them. The purpose is to make costs for North Korea’s sanctioned atomic weapons program, which has truthful acold made billions of dollars for nan regime to date.

It’s not known precisely really galore North Korean IT workers are presently moving for unknowing U.S. companies, but immoderate person estimated nan number to beryllium successful nan thousands.

According to CrowdStrike, nan North Korean IT workers, which nan institution calls “Famous Chollima” utilizing its naming strategy of hacking groups, trust connected generative AI and different AI-powered devices to draught resumes and modify aliases “deepfake” their quality during distant interviews. 

While the strategy is not new, North Koreans are progressively succeeding astatine getting jobs, contempt sanctions laws preventing U.S. companies from hiring North Korean workers.

CrowdStrike said successful its study that 1 of nan ways to forestall hiring sanctioned workers is by implementing amended personality verification processes during nan hiring phase. TechCrunch has anecdotally heard of immoderate crypto-focused companies asking prospective labor to opportunity captious things astir North Korea’s leader, Kim Jong Un, successful an effort to weed retired imaginable spies. The would-be North Korean labor are often highly monitored and surveilled, making immoderate specified petition intolerable and apt outing nan fraudulent worker.

Over nan past year, nan U.S. Department of Justice has sought to disrupt these operations by going aft nan U.S.-based facilitators who thief run and run nan scheme for their North Korean bosses. These operations person included targeting nan individuals who tally “laptop farm” operations, which see racks of unfastened laptops utilized by nan North Koreans to remotely do their activity arsenic if they were physically located successful nan United States. 

Prosecutors said in a June indictment that 1 North Korean cognition stole nan identities of 80 individuals successful nan U.S. betwixt 2021 and 2024 to get distant activity astatine much than 100 U.S. companies.