North Korean IT Worker Infiltrations Surge Amid GenAI Tactics

Edward Zhou

CEO & Co-Founder

 
October 2, 2025

Infiltrations under the North Korean IT worker scheme have risen by 220% over the past year. CrowdStrike, a cybersecurity firm, says it now investigates about one incident per day involving North Korean software developers who obtained jobs under false pretenses.


Companies around the world are hiring trained North Korean operatives who apply under fake or stolen identities. In the past year, they infiltrated over 320 companies. The CrowdStrike 2025 Threat Hunting Report says these infiltrations rely on automated processes that streamline the fraud involved in obtaining tech jobs. The scheme is a response to the financial sanctions imposed on North Korea: it lets the regime generate revenue for its weapons programs, with estimates ranging between $250 million and $600 million annually.

Employment Fraud Tactics

North Korean operatives, referred to as "Famous Chollima," employ generative AI to enhance their infiltration tactics. They create thousands of synthetic identities, alter photos, and develop tools to research job postings. During interviews, they utilize AI to disguise their appearance and refine their responses to technical challenges.

They also rely on AI to improve their fluency in English and to assist with daily work tasks, such as responding in chat applications and drafting emails. The report notes that real-time deepfake technology is likely being used to mask identities during video calls, significantly increasing the chances of being hired.

CrowdStrike reports that operatives actively search for AI face-swapping applications and subscribe to deepfake services to facilitate their operations.

Laptop Farms and Global Operations

The expansion of "laptop farms" beyond U.S. borders is notable. Following increased scrutiny from U.S. law enforcement, North Korean workers have begun establishing operations in Europe, especially in Romania and Poland. Adam Meyers from CrowdStrike states that North Korean workers are now securing jobs in these regions and utilizing laptops shipped to various locations for remote access to U.S. companies.

In a high-profile case, Christina Chapman, a former Arizona resident, was sentenced to 8.5 years in prison for running a laptop farm that enabled North Korean workers to secure 309 jobs and generate $17.1 million in revenue. Companies like Nike found themselves victims of this scheme as their systems were compromised.

Law Enforcement Actions

The U.S. Department of Justice has initiated coordinated actions against North Korean remote IT work schemes. Recent efforts involved charges, arrests, and the seizure of numerous financial accounts and fraudulent websites. These actions led to significant disruptions in the operations of North Korean IT workers.

One notable indictment alleges that Zhenxing Wang and others conspired to obtain remote IT work, generating over $5 million in revenue. The scheme involved compromising the identities of U.S. citizens to facilitate employment with U.S. companies.

The FBI has executed searches at various laptop farms and seized laptops and remote access devices. The ongoing investigations highlight the necessity for companies to tighten their hiring and security practices.

Protecting Against North Korean IT Worker Schemes

To mitigate the risks posed by North Korean IT workers, businesses are advised to implement strict identity verification processes. This includes scrutinizing identity documents for irregularities and verifying employment and educational backgrounds directly with institutions.

Companies should also mandate in-person meetings when possible and be wary of virtual interviews. It's crucial to capture images for future comparison and analyze payment methods for any suspicious patterns.

For businesses employing contracted IT workers, educational outreach to third-party vendors about these threats is essential. Building relationships with local FBI offices can also enhance collaboration in mitigating these risks.

Reports of North Korean IT worker activities can be made to local FBI field offices or through the FBI's Internet Crime Complaint Center.


U.S. authorities continue to emphasize the importance of vigilance in hiring practices, as North Korean operatives adapt their tactics and seek new opportunities globally. The ongoing collaboration between law enforcement and businesses aims to prevent the exploitation of the vulnerabilities in the hiring processes that allow these schemes to thrive.

For more information on the actions taken against North Korean remote IT workers, refer to the various advisories and resources available through the Department of Justice and the FBI.


CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.
