lazarusholic

Everyday is lazarus.dayβ

How We Identified Fake North Korean IT Workers Using Identity Matching

2025-04-03, SpyCloud
https://spycloud.com/blog/how-we-identified-fake-north-korean-it-workers/
#ITWorker

Contents

Last year, detailed reports from cybersecurity firms like Mandiant and unsealed federal charges shone a spotlight on the widespread issue of fraudulent remote IT workers from the Democratic People’s Republic of Korea (DPRK).
The flurry of illicit activity piqued our interest at SpyCloud, where we closely track cybercriminal activity and research emerging threats. Our new research shows roughly 10% of Fortune 500 companies interacting with, and potentially inadvertently hiring, DPRK IT workers.
How do we know this? Well, let's dig in.
How the hiring fraud schemes work
In these schemes, individuals acting on behalf of the North Korean government participate in what's broadly become known as hiring fraud, obtaining remote work positions in software engineering and IT under fraudulent identities at US organizations. Their paychecks then presumably go towards funding the North Korean regime. The FBI has also warned that these individuals are increasingly engaging in data-theft extortion against the companies that have inadvertently hired them.
Unfortunately …