North Korean Spies Are Getting US IT Jobs

In May, federal prosecutors announced fraud charges against several people who'd allegedly helped individuals with ties to North Korea secure jobs with over 300 US companies, generating $7 million for Kim Jong Un's regime. But that's just one small part of an ongoing fraud scheme that's seen North Korea pull in hundreds of millions of dollars a year to fund its weapons program despite international sanctions. According to the Wall Street Journal, North Koreans "capitalizing on a post-Covid boom in remote work and advances in generative artificial intelligence" have been hired for "potentially thousands ... of low-level information-technology jobs and other roles in recent years, using stolen identities of foreigners."

KnowBe4, an IT company in Clearwater, Florida, ended up hiring a North Korean man who gave his name as Kyle to fill a remote IT job in July. Kyle, who'd supplied what turned out to be an AI-generated photo of himself, nailed the video interview. KnowBe4 then sent a computer to the address he provided in Washington state. The address was actually home to a middleman who was assisting with the fraud, the Journal reports, adding that Kyle "attempted to deploy malware on his first day," but was caught. "For a cybersecurity company like us to get caught with egg on our face was a big wake-up call," Anna Collard of KnowBe4 Africa tells CIO Africa, which offers tips on how to spot fraudsters.

Cyber operatives like Kyle use laptop farms run by middlemen in the US to log into internal company servers from overseas. They might try to launch cyberattacks or steal intellectual property. Some even provide actual IT support, resulting in a paycheck "at least partially claimed by Pyongyang," per the Journal. "Once we peeled back these onion layers, we realized these IT workers are everywhere," Michael Barnhart, an analyst with Google Cloud's Mandiant cyber-threat division, tells the outlet. Mandiant compiled a list of nearly 800 email addresses believed to be tied to North Korean IT workers and found 10% had been used to apply for jobs, including at a critical infrastructure organization in the US, between February and August, resulting in hundreds of conversations with recruiters. (More North Korea stories.)