- North Korean agents use AI to request remote technology work
- Simple questions about Kim Jong a derail your work interviews instantly
- The portable farms and the defenders of the deep help the agents of the remote hiring defenses
In the recent RSA conference in San Francisco, security experts increased the alarm on a growing and increasingly sophisticated campaign of North Korea agents to infiltrate global companies through remote labor applications.
Speaking in a panel, Adam Meyers, senior vice president of the Crowdstrike’s Counter Adversary Division, said that thousands of North Korean workers have managed to ensure roles in Fortune 500 companies.
According to Meyers, these infiltrates use tools such as Generation AI to produce polished linkedin profiles and employment applications, such as during technical interviews, multiple collaborators work behind the scene to complete the coding challenges, while a single individual handles video calls, sometimes little convincing.
An unexpected question
“One of the things we have noticed is that you will have a person in Poland that applies with a very complicated name,” Meyers explained. “And then, when you take them to Zoom calls, it is an Asian military age who cannot pronounce it.”
Meyers shared his favorite method to expose such candidates: ask a script question. “How fat is Kim Jong Un? They end the call instantly, because it is not worth saying something negative about it,” he said.
Once within a company, the infiltrates often stand out, thanks to team efforts behind a single identity.
The special FBI agent, Elizabeth Pelker, said that this success can make employers hesitate to eliminate suspicious agents. “I think most of the time, I receive the comment from ‘Oh, but Johnny is our best interpreter. Do we really need to say goodbye?'”
The objectives of these infiltrates of North Korea are double: collect wages and gradually exfiltrate intellectual property, often in small quantities to avoid detection.
Pelker recommended coding interviews within the corporate environment to observe red behavioral flags. If they are detected and fired, these workers may still have credentials or leave latest malware for subsequent extortion attempts.
The operation has evolved even more. Meyers described how portable farms in the United States allow remote workers to falsify local IP. In one case, the FBI broke a farm in Nashville. Meanwhile, false identity schemes have emerged in Ukraine, with citizens without knowing it supporting the efforts of North Korea.
Pelker warned that Deepfake technology is also being used to deceive hiring equipment. Education and surveillance, they said, are still the best defense. As a panelist said, organizations must be careful to hire totally remote workers and consider personal meetings whenever possible.
Through The registration
