North Korean spies pretending to be remote workers have infiltrated hundreds of businesses, explains Crowstrike

Crowdstrike safety giant researchers say they saw hundreds of cases where North Koreans pretending to be distant IT workers have infiltrated businesses to generate money for the diet, marking a strong increase compared to previous years.

By Crowdsstrike’s latest threat hunting reportThe company has identified more than 320 incidents in the last 12 months, up 220% compared to the previous year, in which the North Koreans have obtained a fraudulent job in Western companies working remotely as developers.

The regime is based on North Koreans using false identities, curriculum vitae and professional history to earn a job and earn money for the regime, as well as to allow access to workers to steal data from companies for which they work and extort it later. The objective is to generate funds for the nuclear weapon program sanctioned in North Korea, which has so far made billions of dollars for the scheme to date.

We do not know exactly how many North Korean IT workers are currently working for unconscious American companies, but some have estimated the number for thousands of people.

According to Crowdsstrike, the North Korean IT workers, whom the company calls “Famous Chollima” using its scheme of denomination of hacking groups, rely on a generative AI and other tools fueled by AI to write curriculum vitae and modify or “deepfake” their appearance during remote interviews.

While The scheme is not newNorth Koreans are increasingly managed to find a job, despite the sanctions preventing US companies from hiring North Korean workers.

Crowdstrike said in his report that one of the means to prevent hiring workers was to implement better identity verification processes during the job phase. Techcrunch has anecdotally heard companies focused on cryptocurrencies to ask potential employees to say critical things about the leader of North Korea, Kim Jong Un, in order to eliminate potential spies. Future North Korean employees are often very watched and monitored, making such a demand impossible and probably the exit of the fraudulent worker.

In the past year, the United States Ministry of Justice has sought to disrupt these operations by continuing facilitators based in the United States which help Execute and exploit the diagram For their North Korean patterns. These operations have included targeting individuals who direct “laptop farm” operationswhich includes racks of open laptops used by North Koreans to do their work remotely as if they were physically located in the United States.

Prosecutors said In a June accusation act This North Korean operation stole the identity of 80 people in the United States between 2021 and 2024 to obtain remote work in more than 100 American companies.