Microsoft Threat Intelligence has observed that North Korean IT workers are leveraging AI to improve their operations to steal data and generate revenue for the Democratic People’s Republic of Korea (DPRK). Stricter pre-employment vetting measures are necessary to detect fraudulent remote workers.
According to Microsoft, North Korea has deployed thousands of remote IT workers who are knowledgeable in software and web development. They get jobs with companies to generate revenue for the North Korean government or steal sensitive corporate data.
These highly skilled workers are often located in North Korea, China, and Russia and use tools such as VPNs, proxy services, and remote monitoring and management (RMM) tools to hide their true location and identity.
Historically, fraudulent remote workers from North Korea focused their attention on companies in the United States in the technology, critical manufacturing, and transport sectors. Nowadays, they have evolved to broaden their scope to target multiple industries, including several Fortune 500 companies.
Detecting a fraudulent employee is easier said than done. They create, rent, or procure stolen identities that match the geo-location of their target organizations, create email accounts and social media profiles, and establish legitimacy through fake portfolios and profiles on developer platforms like GitHub and LinkedIn.
In addition, to make the fraud scheme even more convincing, North Korean scammers use AI tools to enhance their operations. They create fake profile pictures and use AI voice cloning software to craft fake personas, perform remote work, and secure payments.
To detect fraudulent remote IT workers, Microsoft says it’s important to implement stricter pre-employment vetting measures and create policies to block unapproved IT management tools.
In addition, organizations should check whether a potential employee is employed at multiple companies using the same persona. A video interview should always be part of the application procedure to establish an applicant’s identity.
Your email address will not be published. Required fields are markedmarked