- North Korean hackers have impersonated job candidates
- These candidates obtain jobs at Western companies
- New research suggests that these campaigns have been taking place since 2016
North Korean hackers recently made headlines by fraudulently obtaining jobs at Western companies. Research from the Sophos Counter Threat Unit (CTU) has tracked this as the Nickel Tapestry campaign, identifying infrastructure links that suggest the schemes have been operating since 2016.
Research shows that the campaign is increasingly targeting European and Japanese organizations, probably because of increased awareness among American companies. These fraudulent candidates have been observed impersonating Japanese, Vietnamese and Singaporean professionals, as well as American personas.
Previous research has shown North Korean hackers posing as software development recruiters to target freelancers, spread malware through recruitment scams and steal cryptocurrency from victims.
Dual goal
The salaries earned by the hackers appear to help fund the interests of the government of the Democratic People’s Republic of Korea, and record-breaking crypto heists have also earned the hacking group $1.5 billion. About $300 million has been successfully converted by the group into unrecoverable funds from this single incident, so these campaigns are lucrative for the state.
That is not all, however: fraudulent workers have also been observed engaging in theft of skills and data exfiltration, and deliberately seeking jobs in industries with sensitive data, such as defense, aerospace and cybersecurity.
These roles allow the workers to use remote access software, along with AI-generated writing, CV-building, image-editing and video-enhancement tools, to impersonate legitimate workers and bypass default systems.
Organizations are urged to remain vigilant, to verify candidates' identities carefully and to scrutinize their CVs and addresses. The research even suggests conducting interviews in person wherever possible.
As remote positions become more and more popular, companies should “monitor for traditional insider activity, suspicious use of legitimate tools and impossible-travel alerts to detect activity often associated with fraudulent workers”, Sophos confirms.