- North Korean agents use AI to apply for remote technological work
- Simple questions about Kim Jong not instantly derail their job interviews
- Farms of laptops and Deepfakes help agents bypassing the job defenses at a distance
During the recent RSA conference in San Francisco, security experts raised the alarm in the face of a growing campaign increasingly sophisticated by North Korean agents to infiltrate global companies through remote employment requests.
Speaking in a panel, Adam Meyers, vice-president of Crowdstrike’s opponent’s Division Cutter Division, said thousands of North Korean workers had managed to ensure roles in fortune companies 500.
According to Meyers, these infiltrators use tools like a generative AI to produce Polis LinkedIn profiles and employment applications, as during technical interviews, several employees work behind the scenes to meet coding challenges while one individual manages video calls, sometimes unconvincing.
An unexpected question
“One of the things we have noted is that you will have a person in Poland to apply with a very complicated name,” said Meyers. “And then when you get them on Zoom calls, it is a man of Asian military age who cannot say it.”
Meyers shared his favorite method to exhibit such candidates: ask a question outside script. “What is Kim Jong’s fat?
Once inside a business, infiltrators are often excellent, thanks to team efforts behind a single identity.
FBI’s special agent Elizabeth Pelker said this success may make employers hesitating to withdraw suspicious agents. “I think most often, I receive the commentary on” Oh, but Johnny is our best performer. Do we really need to dismiss him? “”
The objectives of these North Korean infiltrators are double: collect wages and gradually exfiltant intellectual property, often in small quantities to avoid detection.
Pelker has recommended to conduct coding interviews in the business environment to observe behavioral red flags. If they are detected and dismissed, these workers can always have skills titles or leave dormant malicious software for attempts at subsequent extortion.
The operation has evolved more. Meyers described how farms of laptops in the United States allow distant workers to train it local IPS. In a case, the FBI broke out a farm in Nashville. Meanwhile, false identity regimes have emerged in Ukraine, citizens without knowing North Korean efforts.
Pelker warned that Deepfake Technology was also used to deceive the job teams. Education and vigilance, she said, remain the best defense. As a panelist said, organizations should be wary of the hiring of fully distant workers and to consider personal meetings whenever possible.
Via The register
