Researchers at security giant CrowdStrike say they have seen hundreds of cases in which North Koreans posing as remote IT workers have infiltrated companies to generate money for the regime, a sharp increase over previous years.
Per CrowdStrike's latest threat hunting report, the company has identified more than 320 incidents in the last 12 months, up 220% from the previous year, in which North Koreans gained fraudulent employment at Western companies, working remotely as developers.
The scheme relies on North Koreans using false identities, resumes and work histories to gain employment and earn money for the regime. It also allows the workers to steal data from the companies they work at and later extort them. The goal is to generate funds for North Korea's nuclear weapons program; the scheme has made billions of dollars for the regime to date.
It is not known exactly how many North Korean IT workers are currently working at unwitting US companies, but some have estimated that the number is in the thousands.
According to CrowdStrike, North Korean IT workers, which the company calls "Famous Chollima" under its naming scheme for hacking groups, rely on generative AI and other AI-powered tools to draft resumes and modify or "deepfake".
While the scheme is not new, North Koreans are increasingly succeeding in landing jobs, despite sanctions that prevent US companies from hiring North Korean workers.
CrowdStrike said in its report that one way to prevent hiring these workers is to apply better identity verification processes during the recruitment phase. TechCrunch has heard anecdotally of some crypto-focused companies asking candidates to say critical things about North Korea's leader Kim Jong Un in an attempt to weed out potential spies. North Korean candidates are often closely monitored and tightly controlled, making such a request impossible to comply with and likely exposing the fraudulent applicant.
In the past year, the US Department of Justice has tried to disrupt these operations by going after the US-based facilitators who help run and operate the scheme for their North Korean bosses. These efforts include targeting people who run "laptop farms," which consist of racks of open laptops used by the North Koreans to do their jobs as if they were physically located in the United States.
Prosecutors said in a June indictment that a North Korean operation stole the identities of 80 people in the US between 2021 and 2024 to obtain remote work at more than 100 US companies.
