Researchers at Security Giant Crowdstrike say they have seen hundreds of cases where North Koreans pretend to be IT workers in remote areas.
With each CrowdStrike’s latest threat hunting report, the company has identified more than 320 incidents in the last 12 months. This is up 220% from the previous year, with North Korea gaining fraudulent employment in Western companies working remotely as developers.
The scheme uses false identities, resumes and workplace history to not only rely on North Korea to acquire jobs and earn money for the regime, but also allows workers to steal data from the companies they work for and later force them to force them. The aim is to generate funding for North Korea’s approved nuclear weapons program.
It is not clear exactly how many North Korean IT workers currently work, unaware of US companies, but the number is considered to be thousands.
According to CrowdStrike, the company uses the hacking group’s naming scheme to call “famous Cholimas,” North Korean IT workers rely on generated AI and other AI-powered tools to draft and modify or “deepfake” their resumes during remote interviews.
The scheme is not new, but North Koreans are increasingly successful at getting jobs despite sanctions that prevent US companies from hiring North Korean workers.
In its report, CrowdStrike said one way to prevent employment sanctions workers is to implement a better ID verification process during the employment stage. cryptoprune is anecdotally hearing about a crypto-focused company that asks prospective employees to say critical things about North Korean leader Kim Jong-un to eliminate potential spies. North Korean employees are often highly monitored and monitored, so such requests are impossible and bringing unauthorized workers out.
Over the past year, the US Department of Justice has tried to disrupt these operations by chasing US-based facilitators who run and run the North Korean boss scheme. These businesses include targets of individuals who run “laptop farm” operations. This includes an open laptop rack used by North Korea to work remotely.
Prosecutors said in June in the indictment that one North Korean operation stole the identities of 80 US individuals between 2021 and 2024.