North Korean IT worker infiltrations exploded 220% over the past 12 months, with GenAI weaponized at every stage of the hiring process
Alarming new fronts have emerged in a highly successful fraud scheme in which trained North Korean operatives get jobs at companies all over the world under fake or stolen identities.
The number of companies that have hired software developers from North Korea grew 220% during the past 12 months, and much of that success is due to automating the workflow involved in obtaining and holding technical jobs. IT workers infiltrated more than 320 companies in the past 12 months.
To level-set: North Korea's IT worker scheme is a vast conspiracy to evade the financial sanctions imposed on the Democratic People's Republic of Korea over authoritarian ruler Kim Jong Un's human rights abuses and steadfast pursuit of weapons of mass destruction. To avoid sanctions and earn money to keep financing its nuclear program, North Korea now trains young men and boys in technology, sends them to elite schools in and around Pyongyang, and then deploys them in teams of four or five to locations around the world, including China, Russia, Nigeria, Cambodia and the United Arab Emirates.
All workers are required to earn $10,000 per month, according to one worker, and they have been able to do so by obtaining well-paid remote jobs at U.S. and European companies, according to court records. Since 2018, the United Nations estimates, the scheme has generated between $250 million and $600 million annually on the backs of thousands of North Korean men.
For the Fortune 500, the IT worker scheme has been a flashing red alert about the evolution of job scams. Court records show that hundreds of Fortune 500 companies have hired thousands of North Korean IT workers, in violation of sanctions, in recent years. In some cases, the IT worker scheme is about generating stable revenue for the regime. In other cases, FBI investigators have found evidence that IT workers share information with more malicious hackers who have stolen nearly $3 billion in cryptocurrency, according to the United Nations.
Under siege
CrowdStrike's investigations revealed that North Korean tech workers, which it tracks under the adversary name “Famous Chollima,” have used artificial intelligence to scale every aspect of the operation. The North Koreans used generative AI to help them forge thousands of synthetic identities, alter photos, and build technical tools to research jobs and to track and manage their applications. In interviews, the North Koreans used AI to mask their appearance on video calls, guide them in answering questions, and pass the technical coding challenges associated with software jobs.
Importantly, they now rely on AI to help them appear more fluent in English and well informed about the companies where they are interviewing. Once hired, the workers use AI chatbots to help with their daily work, such as responding in Slack and drafting emails, to make sure their written messages read as grammatically sound and to help them juggle multiple jobs at the same time.
“It is very likely that Famous Chollima operatives use real-time deepfake technology to mask their real identities in video interviews,” the report says. “Using a real-time deepfake allows one operator to interview for the same position several times using different synthetic personas, which enhances the odds that the operator will be hired.”
CrowdStrike investigators observed North Korean IT workers searching for AI face-swapping applications and paying for subscriptions to deepfake services during active operations.
“Laptop farms” expand beyond U.S. borders
Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, told Fortune that his team is generally investigating one incident a day related to the North Korean IT worker scheme. The program has expanded beyond U.S. borders as U.S. law enforcement has cracked down on domestic operations with indictments and advisories, and as more U.S. companies have tightened their security practices and shored up their defenses.
In July, a 50-year-old Arizona woman, Christina Chapman, was sentenced to 8.5 years in prison after pleading guilty to her role in operating a “laptop farm” from her home. Prosecutors said she received and maintained 90 laptops and installed remote-access software so that the North Koreans could work for American companies. Authorities revealed that the Chapman operation alone helped the workers obtain 309 jobs that generated $17.1 million in revenue through their salaries. Authorities said approximately 70 Americans had their identities stolen in the operation. The scheme did not hit only smaller companies with looser hiring infrastructure; Nike was one of the affected companies, according to the victim statement in the Chapman case. The sneaker and activewear giant unwittingly hired a North Korean worker affiliated with Chapman. Nike did not respond to Fortune's requests for comment.
“U.S. law enforcement has put a big dent in their ability to operate laptop farms, so as it gets more expensive or difficult to obtain remote jobs here in the United States, they are pivoting to other locations,” Meyers said. “They are getting more traction in Europe.”
Meyers said CrowdStrike has seen new laptop farms established in Western Europe through Romania and Poland, which means North Korean workers are getting jobs, as purported developers, in those countries and then having laptops shipped to farms there. He said the scheme works the same way it does in the United States: a purported Romanian or Polish developer interviews with a company and is hired, and a laptop is shipped to a known farm destination in those countries. In other words, instead of devices and onboarding materials going to the actual residence where the purported developer lives, the laptop is shipped to a known farm address in Poland or Romania. Meyers said the excuse is the same kind that has proven effective at American companies: the developer claims to have a medical or family emergency that requires a change in shipping address.
“Companies need to stay vigilant if they are hiring abroad,” Meyers said. “They need to understand that these risks exist not only domestically, but also overseas.”
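One way an onboarding or IT logistics team could screen for the shipping-address pattern Meyers describes, as an added example that is not from the original article or from CrowdStrike. The records, field names, abbreviation table and reuse threshold are constructed assumptions.

```python
# Added illustration: records, field names and threshold are constructed.
import re
from collections import defaultdict

# residence = address on the HR file; ship_to = where the laptop went.
SHIPMENTS = [
    {"hire": "dev-001", "residence": "12 Strada Lunga, Brasov, RO",
     "ship_to": "12 Strada Lunga, Brasov, RO", "changed_after_offer": False},
    {"hire": "dev-002", "residence": "4 ul. Dluga, Krakow, PL",
     "ship_to": "Apt 3, 88 Example St., Warsaw, PL", "changed_after_offer": True},
    {"hire": "dev-003", "residence": "9 ul. Polna, Gdansk, PL",
     "ship_to": "88 example street apt 3 warsaw PL", "changed_after_offer": True},
    {"hire": "dev-004", "residence": "7 Calea Noua, Cluj, RO",
     "ship_to": "21 Strada Mica, Cluj, RO", "changed_after_offer": True},
]
ABBREVIATIONS = {"st": "street", "apt": "apartment", "ul": "ulica"}

def normalize(address: str) -> frozenset:
    """Reduce an address to an order-independent token set so that
    cosmetic variations of one destination compare equal."""
    tokens = re.findall(r"[a-z0-9]+", address.lower())
    return frozenset(ABBREVIATIONS.get(t, t) for t in tokens)

def review_shipments(shipments, reuse_threshold=2):
    """Return {hire: [reasons]} for shipments worth a manual identity check."""
    by_destination = defaultdict(set)
    for s in shipments:
        by_destination[normalize(s["ship_to"])].add(s["hire"])
    findings = {}
    for s in shipments:
        reasons = []
        dest = normalize(s["ship_to"])
        if dest != normalize(s["residence"]):
            reasons.append("ship-to differs from residence on file")
            if s["changed_after_offer"]:
                reasons.append("address changed after offer")
        others = by_destination[dest] - {s["hire"]}
        if len(others) + 1 >= reuse_threshold:
            reasons.append("destination shared with " + ", ".join(sorted(others)))
        if reasons:
            findings[s["hire"]] = reasons
    return findings

if __name__ == "__main__":
    for hire, reasons in review_shipments(SHIPMENTS).items():
        print(hire, "->", "; ".join(reasons))
```

A single changed address, as with dev-004, is common and only merits a follow-up question; the stronger signal is several unrelated hires converging on one destination.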
AI offers defenses
Amir Landau, malware research team leader at defense company CyberArk, told Fortune that traditional cyber defenses may eventually become insufficient against the threat as the GenAI used by the North Koreans becomes advanced enough to breach companies' defenses. What companies must do to defend themselves therefore requires a fundamental shift in thinking about how much trust and access they grant their employees.
Landau said the military and intelligence principle of “need to know,” which originated during World War II, will become more important. He explained that not every developer needs knowledge of or access to certain assets or documents, even after being with a company for a certain period of time.
Landau also calls for minimal, limited privileges for developers, giving them a short window of time in which to work instead of unlimited access that could ultimately put the company at risk.
Landau also said companies should take some additional measures in the recruitment process. If an applicant provides a reference, do not contact the phone number or email address that was supplied. Look the reference up and reach out using what you find in public databases, he advised. If someone's personal information looks strange or inconsistent, be careful. Use the internet to check what you were told against what you can find.
“There are a lot of little things that you can do to defend against these threats,” he said.
Landau said that ultimately, although small companies are usually more at risk, that does not mean large companies are not vulnerable to fraud schemes. Meyers said that as long as the IT workers can find work, they will continue to evolve their tactics through the use of GenAI.
“These are essentially exploited workers from North Korea, who earn money for the regime,” Meyers said. “As long as they can continue to generate revenue, they will continue to do so.”
2025-08-04 07:03:00



