- North Korea is responsible for almost half of cyber intrusions in the technology sector
- IT worker campaigns are difficult to detect thanks to improved AI
- The funds are used to help develop new weapons of mass destruction.
A new report from CrowdStrike found that nearly half (47%) of state-sponsored attacks on American tech companies came from a single North Korean group.
The group, known as Famous Chollima, has launched a series of fake IT worker schemes that use artificial intelligence tools to enhance the personas of applicants.
Funds from successful intrusions are a welcome addition to the nation’s highly industrialized economy and are subsequently used to develop and acquire weapons of mass destruction for Kim Jong Un’s regime.
IT salaries paid to develop nuclear weapons
North Korea has long relied on cyber activity as a source of funds, and sanctions against the country, together with its closed economy, have earned it the nickname the “Hermit Kingdom.”
Reports of North Korea infiltrating companies through IT worker apps have been widespread, but until now the scale of North Korea’s cyber activity has not been fully understood.
The small country, with its highly developed cyber arm, has several notorious groups, such as the Lazarus Group, but many of the IT worker attacks have been attributed to Famous Chollima.
The group carries out its activities by applying for remote tech jobs at Western tech companies. They use artificial intelligence tools to generate new personas, including images, which are then linked to stolen documents, such as passports and driving licenses, to pose as citizens of their target country.
If successful, the job provides the fake worker with a salary that is often thousands of times higher than that of the average North Korean, and is funded by the state. Workers also steal intellectual property and secrets from the companies they work for, using them to advance the regime’s own technology industry or to launch new attacks against their employer.
When exposed, many of the workers will threaten to reveal their identity unless they are paid a fee, which the company might pay to avoid the negative effects of having hired a sanctioned person.