DPRK IT Worker Scam: Mitigation Steps for Hiring Teams
Contents
Threat Analysis
How To Proactively Mitigate The DPRK IT Worker Employment Scam
Executive Summary
Nisos is tracking a network of likely North Korean (DPRK)-affiliated IT workers posing as Singaporean, Turkish, Finnish and US nationals with the goal of obtaining employment in remote IT, engineering, and full-stack blockchain positions. Through our research and client work we have detected and identified a number of fake personas since 2023. Successful mitigation of the risk relies on an improved vetting process for external remote candidates, which heavily relies on open-source intelligence (OSINT) checks of portfolio content and contact information, as the network re-uses this information. To assist security teams and business leaders with protecting their organizations and their clients, Nisos provides several steps that we recommend businesses implement in their hiring process to mitigate the DPRK-affiliated IT worker threat. Nisos also provides examples of how we used OSINT to identify four active fake personas. Karl Chong, currently …
How To Proactively Mitigate The DPRK IT Worker Employment Scam
Executive Summary
Nisos is tracking a network of likely North Korean (DPRK)-affiliated IT workers posing as Singaporean, Turkish, Finnish and US nationals with the goal of obtaining employment in remote IT, engineering, and full-stack blockchain positions. Through our research and client work we have detected and identified a number of fake personas since 2023. Successful mitigation of the risk relies on an improved vetting process for external remote candidates, which heavily relies on open-source intelligence (OSINT) checks of portfolio content and contact information, as the network re-uses this information. To assist security teams and business leaders with protecting their organizations and their clients, Nisos provides several steps that we recommend businesses implement in their hiring process to mitigate the DPRK-affiliated IT worker threat. Nisos also provides examples of how we used OSINT to identify four active fake personas. Karl Chong, currently …