Dozens of Fortune 100 companies have unknowingly hired North Korean IT workers
New research from Mandiant has revealed Employees from the Democratic People’s Republic of Korea (DPRK) have posed as other nationalities to be hired by Western companies and infiltrate their systems.
One facilitator was found to have helped IT workers use the stolen identities of more than 60 U.S. citizens at more than 300 companies, resulting in more than $6.8 million in revenue for DPRK IT workers between 2020 and 2023.
The U.S. Department of Justice has reportedly arrested and charged several U.S. citizens for running “laptop farms,” which would house equipment that U.S. companies would send to new “employees.” Once received, a facilitator would install remote access technology, allowing the North Koreans to log in from abroad.
Stolen login details
The tactic was first used in 2022, when the US government issued an advisory warning that DPRK employees were using remote work opportunities to gain privileged access and enable malicious cyber activity.
Using “front companies” allowed thousands of individuals to earn salaries, sometimes at multiple companies, apparently generating revenue for the DPRK. The access the employees gained to American technology companies could then be used for break-ins or cyber attacks.
“The biggest concern I have is what happens if these threat actors go undetected long enough and ultimately receive an order from the North Korean regime to launch a full-scale attack,” said Mandiant Principle Analyst Michael Barnhart.
While this sounds a bit far-fetched, it is not the first time that DPRK threat actors have used the labor market to deceive unsuspecting Westerners. Earlier this year, it was reported that DPRK cybercriminals were posting fake job advertisements to trick candidates into downloading malware.
To mitigate risk, Mandiant recommends spot checks that require employees to be remotely on camera, training employees to recognize suspicious activity, and requiring U.S. bank accounts for all financial transactions – as U.S. accounts require a strict verification process.
Via The record