A recent surge in North Korean fake IT worker scams has revealed a new trend: the schemes now incorporate theft and extortion tactics, expanding the scope of targeting against technology and other companies. The deception involves North Korean operatives posing as legitimate IT professionals to secure employment at Western firms, particularly in roles that offer remote work.
Once hired, these “remote workers” exploit their insider access to conduct reconnaissance on a company’s infrastructure, steal sensitive information, and funnel their salaries to the North Korean regime. This fraudulent scheme has impacted over 300 businesses, generating millions in revenue for the rogue state.
In a recent case highlighted by security firm Exabeam, a potential candidate displayed technical knowledge during the interview process but raised suspicions with scripted responses and unnatural behavior. It was later discovered that the candidate was using deepfake video technology to deceive the interviewers. This incident underscores the growing threat posed by deepfake technology in social engineering and extortion campaigns.
Following this incident, Exabeam revamped its recruitment process to implement stricter safeguards, such as mandatory video interviews for remote job applicants and enhanced staff training to detect suspicious activity. Other companies are advised to verify candidates’ identities, be cautious during video calls, and monitor the use of remote access and VPN tools during onboarding.
The evolution of North Korean IT worker scams has now taken a disturbing turn with the introduction of extortion based on stolen proprietary data. Instances have been reported where contractors exfiltrated sensitive information from companies shortly after being hired and later demanded large sums of cryptocurrency to prevent the publication of the stolen data. Such extortion tactics were not observed in previous iterations of the scam.
Cybersecurity incident response firm Secureworks has investigated multiple cases of North Korean IT workers engaging in extortion after gaining insider access to companies. The evolving nature of these scams has prompted warnings from governments and security experts globally, emphasizing the need for enhanced vigilance and security measures against such cyber threats.
As the threat landscape continues to evolve, companies are advised to stay informed about the latest tactics used by malicious actors and take proactive steps to safeguard their networks and sensitive data. By remaining vigilant and implementing robust security measures, organizations can mitigate the risk posed by fraudulent IT worker scams and other cyber threats originating from North Korea and other hostile actors.