North Korean IT operatives are reportedly using artificial intelligence (AI) to gain employment in large European companies, posing as ‘remote workers’ to collect salaries, according to a Financial Times (FT) report on the 15th local time.
Previously, the U.S. Department of Justice revealed that from 2020 to 2024, North Korean operatives infiltrated over 300 U.S. companies as remote workers, funneling approximately $6.8 million (about 10 billion KRW) back to the North Korean regime.
Jamie Collier, a senior advisor at Google Threat Intelligence Group (GTIG) Europe, warned in an interview with FT that these tactics have spread to Europe, with North Korean operatives establishing ‘laptop factories’ in the UK and carrying out such fraudulent activities.
He further noted, “Recruitment is generally not considered a security issue, which makes it a vulnerable spot in company systems, and North Korean operatives target these vulnerabilities.”
Collier shared an instance where a client was informed that one of their employees was actually a North Korean operative, only to receive the response, “Are you 100% sure? That person is one of our top employees.”
Leif Feling, Director of Threat Intelligence at cybersecurity firm Sophos, stated that such operations are state-supported, targeting well-paid, fully remote technical positions. The operatives disguise themselves as candidates with 7-10 years of experience to secure jobs and collect salaries.
These operatives reportedly use meticulous methods to steal or forge identities. They hijack unused LinkedIn accounts or pay account holders for control, then forge resumes and identity documents. They manipulate resumes by exchanging recommendations among accomplices on LinkedIn.
They subsequently create digital avatars using AI and employ deepfake technology to conduct remote interviews.
Alex Laurie, Chief Technology Officer (CTO) at cybersecurity firm Ping Identity, pointed out that fake applicants utilize large language models (LLM) to generate plausible names and email addresses to evade suspicion.
Laurie emphasized, “The future of UK security hinges on companies’ ability to identify the true identities of the workforce against persistent AI-based impacts.”
In a LinkedIn post last January, Amazon’s Chief Security Officer Steven Schmidt mentioned that Amazon blocked employment for over 1,800 individuals suspected of being North Korean operatives after April 2024.
#NorthKorea #Operatives #AI #Employment #Europe
For inquiries and tips, contact Yonhap News TV via KakaoTalk/Line at jebo23.