
Asking remote job candidates this shocking question could save your company big bucks, security expert says

North Korean agents use AI to apply for remote tech jobs

Simple questions about Kim Jong Un instantly derail their job interviews

Laptop farms and deepfakes help agents bypass remote hiring defenses

At the recent RSA Conference in San Francisco, security experts raised the alarm over a growing and increasingly sophisticated campaign by North Korean operatives to infiltrate global companies through remote job applications.

Speaking at a panel, Adam Meyers, senior vice president of CrowdStrike’s counter adversary division, said thousands of North Korean workers have managed to secure roles in Fortune 500 companies.

According to Meyers, these infiltrators use tools like generative AI to produce polished LinkedIn profiles and job applications. During technical interviews, multiple collaborators work behind the scenes to complete coding challenges while a single individual handles video calls, sometimes unconvincingly.

An unexpected question

“One of the things that we’ve noted is that you’ll have a person in Poland applying with a very complicated name,” Meyers explained. “And then when you get them on Zoom calls it’s a military age male Asian who can’t pronounce it.”

Meyers shared his favorite method of exposing such candidates: asking an off-script question. “How fat is Kim Jong Un? They terminate the call instantly, because it’s not worth it to say something negative about that,” he said.

Once inside a company, the infiltrators often excel, thanks to team-based efforts behind a single identity.

FBI Special Agent Elizabeth Pelker said this success can make employers hesitant to remove suspected agents. “I think more often than not, I get the comment of ‘Oh, but Johnny is our best performer. Do we actually need to fire him?’”

The goals of these North Korean infiltrators are twofold: collecting wages and gradually exfiltrating intellectual property, often in small amounts to avoid detection.

Pelker recommended conducting coding interviews within the corporate environment to observe behavioral red flags. If detected and dismissed, these workers may still hold credentials or leave behind dormant malware for later extortion attempts.

The operation has evolved further. Meyers described how laptop farms in the U.S. allow remote workers to spoof local IPs. In one case, the FBI busted a farm in Nashville. Meanwhile, false identity schemes have emerged in Ukraine, with citizens unknowingly supporting North Korean efforts.

Pelker warned that deepfake technology is also being used to fool hiring teams. Education and vigilance, she said, remain the best defense. As one panelist put it, organizations should be wary of hiring fully remote workers and consider personal meetings whenever possible.

Via The Register
