A growing number of North Korean IT professionals are securing jobs in Western companies under false identities, posing serious cybersecurity and compliance risks.
These workers, often highly skilled developers and engineers, use stolen or fake identities to bypass screening processes, gaining access to sensitive systems and intellectual property.
It is unclear what the motivation behind this trend is. So far, no major data breach or cyberattack has been directly attributed to these infiltrators. The workers are likely engaging in financial fraud, funneling earnings to the North Korean regime in violation of international sanctions, or positioning themselves for future cyber-espionage operations.
How they operate
The tech workers forge their qualifications and use stolen or fabricated personal information to get the attention of hiring managers.
They typically target remote positions on LinkedIn or freelance platforms like Upwork.
Thanks to AI, the workers can bypass the interview screening process. A founder of a cybersecurity startup captured evidence of a candidate using AI-generated deepfake technology to appear in a video interview.
Since the workers are generally good at what they do, it can take months, if not years, for companies to detect their presence. During that time, they can funnel a significant amount of money to North Korea and elevate their access or establish backdoors for potential attacks and cyber espionage.
How to protect your business
If your organization actively hires remote workers, it’s important to take this threat seriously. North Korea is a significant player in state-sponsored cyber operations, and its use of fraudulent remote workers is not just a financial scheme but a potential security risk.
Additionally, hiring these workers could lead to compliance violations, even if you had no idea that they were using false identities.
Here is what you can do to stay protected:
- Rigorous background checks: All employees must pass a background check that verifies their identity, qualifications, and prior work history.
- Conduct live job interviews: Use live video calls instead of pre-recorded interviews. If something looks off, ask the candidate to perform real-time identity verification steps, such as turning their head or speaking specific phrases.
- Strict access controls: Ensure employees have limited access to critical systems and data based on role-specific requirements.