North Korean threat actors have been unknowingly employed by dozens of organizations on the Fortune 100 list for remote IT positions, according to The Record, a news site by cybersecurity firm Recorded Future.
North Korea has leveraged U.S.-based laptop farms to ensure the employment of North Korean IT workers, who are mostly located in China or Russia, with the devices connected to various remote management tools, a report from Google's Mandiant showed.
Additional findings revealed that the workers not only had similar resumes, most of them written in poor English and listing U.S.-based addresses and non-North American education credentials, but also delivered poor-quality work.
Such a scheme, which was advanced by the UNC5267 threat operation, not only serves as a revenue-generating effort for North Korea but also enables critical network access that could facilitate extensive compromise, noted Mandiant Chief Technology Officer Charles Carmakal. Aside from conducting more extensive background checks and requiring on-camera interviews for employees, organizations should also prohibit remote admin tools and VPN systems, the researchers said.