- Microsoft says North Koreans are using advanced AI-powered tools to hide their identities
- The workers get hired by US companies, and then steal their sensitive files
- The US government is cracking down on the campaigns
North Korean hackers, scamming their way into US-based high-profile tech companies, have lately been ramping up their efforts, security experts have warned.
In a recent analysis, Microsoft urged its peers to implement stricter pre-employment vetting measures, and create policies to block unapproved IT management tools.
Further analysis from the US government found these people were working to raise money for the North Korean government, which uses it to fund its state apparatus and its weapons program.
Arresting the suspects
The US has imposed stiff sanctions on North Korea which, among other things, prevent US companies from hiring North Korean nationals.
As a result, the adversaries have been creating fake personas and using all sorts of tools (including VPNs), to hide their true identities and location, and thus increase their chances of getting hired.
Lately, they’ve increased their efforts and have started using voice-changing software and AI-enhanced documents to boost their credibility.
They’ve also relied on a person living in New Jersey who set up shell companies to make victims believe they were paying a local business. That same person allegedly also helped their overseas peers get hired.
But the gig seems to be up, as the US Department of Justice (DoJ) arrested and accused a US national named Zhenxing “Danny” Wang of running a “years-long” scheme. The effort netted more than $5 million. Another eight people were indicted as well – two Taiwanese and six Chinese nationals. They are all now accused of conspiring to commit wire fraud, money laundering, identity theft, hacking, and sanctions violations.
Besides actually being paid for the work done (which, ironically, Microsoft notes is often stellar), these people also get access to sensitive company data. They sometimes abuse this access by stealing the data and then extorting the company.
One of the biggest and most destructive hacking collectives in the world is the North Korean state-sponsored group Lazarus, which brought billions of dollars to the government through similar schemes. In fact, the entire operation even has a name – “Operation DreamJob”.
Via TechCrunch