Inside the DPRK: Spotting Malicious Remote IT Applicants

2024-10-15, DtexSystems
https://www.dtexsystems.com/resources/i3-threat-advisory-inside-the-dprk/
#ITWorker

UPDATE
DTEX has issued an updated Insider Threat Advisory (iTA) based on recent i3 investigative findings, introducing new behavioral indicators related to the “DPRK RevGen: Domestic Enabler Initiative.” This initiative involves DPRK deploying skilled IT workers remotely to organizations globally, funding its WMD and missile programs in violation of sanctions.
Key new Potential Risk Indicators (PRIs) include the creation of and access to multiple online identities, lateral movement between companies using VDI, unusual system access patterns, frequent access to banking/crypto sites on corporate devices, malicious use of live video streaming utilities, and circumvention of zero-trust network access tools.
- Look out for resume inconsistencies, such as claimed experience with a technology dating to before that technology existed.
- Suspicious virtual backgrounds could indicate a working environment different from that expected of a work-from-home employee.
- Review log sources from applications such as Zoom when conducting the remote interview to determine whether the remote worker matches any known indicators.
INTRODUCTION
Democratic …