Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

Dozens of Fortune 100 companies have unknowingly hired North Korean IT workers

North Korean flag made of binary code.

New research from Mandiant has revealed workers from the Democratic People’s Republic of Korea (DPRK) have been posing as other nationalities in order to get hired by Western companies and infiltrate their systems.

One facilitator was found to have been helping IT workers use the stolen identities of over 60 US citizens at more than 300 companies, which resulted in over $6.8 million of revenue to be earned for the DPRK IT workers between 2020 and 2023.

The US Justice Department has reportedly arrested and charged several US citizens for running ‘laptop farms’, which would house the equipment US companies would send to new 'employees'. Once received, a facilitator would install remote access technology, which would allow the North Koreans to log in from overseas.

Stolen credentials

The tactic was first deployed in 2022, when the US government issued an advisory warning that workers from the DPRK were using remote employment opportunities to gain privileged access and enable malicious cyber activity.

By using ‘front companies’, thousands of individuals were able to earn salaries, sometimes at multiple companies, seemingly to generate revenue for the DPRK. The access the workers gained into US tech companies could then be used for intrusions or cyberattacks.

“The biggest concern I have is what happens if these threat actors go undetected long enough and are eventually given an order by the North Korean regime to launch a wide scale attack," said Mandiant Principle Analyst, Michael Barnhart.

Although this sounds a bit far-fetched, it's not the first time that threat actors from the DPRK have used the job market to deceive unsuspecting westerners. It was reported earlier this year that cyber criminals from the DPRK posted fake job adverts to trick candidates into downloading malware.

To mitigate the risks, Mandiant recommends spot checks where remote employees are required to be on camera, training employees on how to spot suspicious activity, and requiring US bank accounts for all financial transactions - as US accounts require a strict verification process.

Via The Record

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.