- North Korea is responsible for nearly half of the tech sector’s cyber intrusions
- IT employee campaigns are hard to spot thanks to AI enhancement
- The funds are being used to help develop new weapons of mass destruction
A new CrowdStrike report has found that nearly half (47%) of state-sponsored attacks against US tech companies came from a single North Korean group.
The group, tracked as Famous Chollima, has launched a series of fake IT job schemes that use AI tools to enhance applicants’ personas.
The funds from successful incursions are a welcome addition to the nation’s highly industrialized economy and are subsequently used to develop and procure weapons of mass destruction for Kim Jong Un’s regime.
IT salaries paid to develop nuclear weapons
North Korea has long relied on cyber activity as a source of funds, with sanctions against the country and a closed economy resulting in the country being dubbed the ‘Hermit Kingdom’.
Reports of North Korea infiltrating businesses via IT worker applications have been widespread, but the extent of North Korea’s cyber activity was not fully understood until now.
The tiny country, with its highly developed cyber arm, has a number of notorious groups, such as the Lazarus Group, but many of the IT worker attacks have been attributed to Famous Chollima.
The group conducts its activities by seeking remote technology jobs with Western technology companies. They use AI tools to generate new personas, including photos, which are then tied to stolen documents such as passports and driving licenses to pretend to be citizens of their target country.
If successful, the job offers the fake worker a salary that is often thousands of times higher than that of the average North Korean, where the funds are provided by the state. The workers also steal intellectual property and secrets from the companies they work for and use them to advance the regime’s own technology industry or to launch further attacks against their employer.
If exposed, many of the workers will threaten to reveal their identity unless they are paid a fee, which a company might pay to avoid the negative effects of employing a sanctioned individual.