Security experts from Nisos have recently uncovered a new tactic employed by North Korean hackers to infiltrate foreign firms and gain access to valuable corporate information. These hackers, known for their cyber operations targeting financial institutions and cryptocurrency databases, are now utilizing platforms like GitHub to create fake workspaces and portfolios in order to deceive potential employers, particularly those based in Japan and the United States.
The operation typically begins with the hackers creating fake online profiles, often posing as individuals from Vietnam, Japan, or Singapore, and uploading manipulated photos to give the appearance of a legitimate work environment. These profiles are then used to create misleading workspaces on GitHub, where the hackers showcase fabricated projects and coding expertise to project the image of skilled developers or engineers.
Once the fake profiles are established, the hackers start applying for remote job positions, such as blockchain developers and full-stack engineers, in companies located in Japan and the United States. Their ultimate goal is not only to secure employment but also to gather sensitive information that can be sold to competitors or transmitted to remote servers for the benefit of North Korea’s regime.
This tactic bears similarities to previous cases, such as Chinese nationals in the UK transmitting sensitive data to Chinese intelligence agencies, highlighting the growing risks of cybercriminals infiltrating organizations under false pretenses. As a result, business leaders are being advised to exercise caution when hiring for remote positions and conduct thorough background checks on candidates, including verifying educational backgrounds, scrutinizing nationalities, and performing criminal checks.
Employers are also being urged to ensure that drug tests and other relevant screening processes are followed before offering employment to protect companies from the increasing threat of cyber espionage and safeguard sensitive information. By taking these precautions, businesses can mitigate the risks posed by hackers seeking to exploit platforms like GitHub for malicious purposes.