DPRK Remote Workers Hiring Scheme: Lessons Learned
Contents
Blog
DPRK Remote Workers Hiring Scheme: Lessons Learned
In mid July 2024, a US security awareness training company revealed that it unwittingly hired a North Korean hacker using a stolen identity for a remote Principal Software Engineer position. This example of a successful employment fraud is one of many in which the Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) information technology (IT) workers successfully used fake personas and stolen identities of American citizens to fraudulently obtain remote employment from unwitting companies in the United States. Nisos previously published a research post in December 2023 warning companies of the fraudulent employment scheme, in which Nisos investigators revealed the tactics, techniques, and procedures (TTPs) of these threat actors. As a follow up to that information Nisos investigators provide further insight into the best practices to consider when conducting interviews and vetting applicants to better protect themselves from unauthorized access to sensitive company …
DPRK Remote Workers Hiring Scheme: Lessons Learned
In mid July 2024, a US security awareness training company revealed that it unwittingly hired a North Korean hacker using a stolen identity for a remote Principal Software Engineer position. This example of a successful employment fraud is one of many in which the Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) information technology (IT) workers successfully used fake personas and stolen identities of American citizens to fraudulently obtain remote employment from unwitting companies in the United States. Nisos previously published a research post in December 2023 warning companies of the fraudulent employment scheme, in which Nisos investigators revealed the tactics, techniques, and procedures (TTPs) of these threat actors. As a follow up to that information Nisos investigators provide further insight into the best practices to consider when conducting interviews and vetting applicants to better protect themselves from unauthorized access to sensitive company …