Unmasking the Threat: How 300+ Companies Fell Victim to North Korean Remote Worker Scams

The infiltration of United States companies by North Korean IT workers through remote employment has escalated substantially, with incidents surging more than 220% over the past year, according to cybersecurity firm CrowdStrike.
As detailed in CrowdStrike’s annual threat hunting report, North Korean IT personnel have successfully infiltrated over 320 companies within the last twelve months. The report warns of the use of generative artificial intelligence (AI) by North Koreans to deceive companies into hiring them and sustain the rapid rate of successful intrusion.
These findings echo earlier reports from CrowdStrike and the Federal Bureau of Investigation (FBI). In April, a CrowdStrike executive revealed that the company was frequently discovering schemes involving North Korean IT workers. In June, US investigators issued warnings about North Koreans securing remote IT positions in over 100 US companies, sometimes with assistance from individuals residing within the US. This includes an Arizona woman who was incarcerated for facilitating North Korean access to and use of corporate-issued laptops within the US.
CrowdStrike’s report emphasizes that generative AI tools enable North Koreans to create convincing profile images, write authentic-looking resumes and cover letters, and apply for remote IT positions. During video calls, these same AI tools can be used to deepfake a North Korean’s identity, altering their appearance in real time.
“Using a real-time deepfake plausibly allows a single operator to interview for the same position multiple times using different synthetic personas, thereby increasing the likelihood of being hired,” CrowdStrike wrote in the report.
These generative AI programs also excel at English-language translation and computer coding, and CrowdStrike has detected North Koreans employing large language models to help them pass coding tests and maintain daily communication with employers.
Hiring North Korean workers poses significant risks for companies. Previous instances have involved the theft of sensitive data in attempts to extort additional funds from employers. Companies that unwittingly provide financial support in this manner effectively aid the North Korean government, which is currently subject to strict sanctions.
In response, CrowdStrike advises companies to conduct thorough due diligence on remote hires, including implementing “real-time deepfake challenges” during video call interviews. For example, a deepfake may falter if a hand passes over the video caller’s face.