- North Korean agents use AI to apply for remote technical jobs
- Simple Questions about Kim Jong Un track instantly their job interviews
- Laptop holdings and Deepfakes help agents bypass Remove Employment Defense
At the recent RSA conference in San Francisco, security experts raised the alarm over a growing and increasingly sophisticated campaign of North Korean operatives to infiltrate global companies through remote job applications.
When he spoke in a panel, Adam Meyers, Senior Vice President of Crowdstike’s counter -offense department, said thousands of North Korean workers have managed to secure roles in Fortune 500 companies.
According to Meyers, these infiltrators use tools such as generative AI to produce polished LinkedIn profiles and job applications that work several partners behind the scenes during technical interviews to implement coding challenges, while a single individual handles video call, sometimes unmatched.
An unexpected question
“One of the things we have noticed is that you have a person in Poland applying with a very complicated name,” Meyers explained. “And then when you get them on zoom call it is a male early male Asian who can’t pronounce it.”
Meyers shared his favorite method of postponing such candidates: to ask an off-script question. “How fat is Kim Jong Un? They end the call immediately because it’s not worth saying anything negative about it,” he said.
When inside a company, the infiltrators often stand out thanks to team -based efforts behind a single identity.
FBI special agent Elizabeth Pelker said this success can make employers hesitate to remove suspected agents. “I think more often than not I get the comment on ‘Oh, but Johnny is our best artist. Do we actually need to shoot him?'”
The goals of these North Korean infiltrators are two -part: Collection of wages and gradually distinguishes intellectual property, often in small quantities to avoid detection.
Pelker recommended to conduct coding interviews within the business environment to observe behavioral red flags. If discovered and dismissed, these workers may still have credentials or leave sleeping malware for later extortion attempts.
The operation has developed further. Meyers described how portable breeder in the United States allows remote workers to counterfeit local IPs. In one case, the FBI busted a farm in Nashville. Meanwhile, false identity schemes have emerged in Ukraine, where citizens unconsciously support the North Korean efforts.
Pelker warned that Deepfake technology is also used to fool employment teams. Education and vigilance, she said, remains the best defense. As a panelist put it, organizations must be vigilant to hire fully remote workers and consider personal meetings whenever possible.
Via Registered
