Key Points
- North Korean spies pose as remote IT workers to infiltrate companies
- Over 320 incidents identified in the past 12 months, marking a 220% increase
- The scheme involves using false identities, resumes, and work histories
- North Korean IT workers use generative AI and AI-powered tools to draft resumes and modify their appearance
- The aim is to generate funds for North Korea’s sanctioned nuclear weapons program
- Estimates suggest thousands of North Korean IT workers may be employed by unknowing U.S. companies
- Implementing better identity verification processes can help prevent hiring sanctioned workers
North Korean Spies Pose as Remote Workers
Researchers at CrowdStrike have identified a significant increase in cases where North Koreans pose as remote IT workers to infiltrate companies. The scheme involves using false identities, resumes, and work histories to gain employment and earn money for the regime. The North Korean IT workers, referred to as “Famous Chollima” by CrowdStrike, rely on generative AI and other AI-powered tools to draft resumes and modify their appearance during remote interviews.
The aim of this scheme is to generate funds for North Korea’s sanctioned nuclear weapons program. While the exact number of North Korean IT workers currently employed by unknowing U.S. companies is unknown, estimates suggest it could be in the thousands. CrowdStrike recommends implementing better identity verification processes during the hiring phase to prevent hiring sanctioned workers.
The U.S. Department of Justice has sought to disrupt these operations by targeting U.S.-based facilitators who help run the scheme for their North Korean bosses. Prosecutors have indicted individuals involved in “laptop farm” operations, which include racks of open laptops used by North Koreans to remotely work as if they were physically located in the United States.
Source: techcrunch.com