Security Staff Acquisition & Development, Threat Intelligence

Inadvertent North Korean IT worker hiring prevalent among Fortune 100 firms

Share
North Korean remote IT worker scam

North Korean threat actors have been unknowingly employed by dozens of organizations on the Fortune 100 list for remote IT positions, according to The Record, a news site by cybersecurity firm Recorded Future.

U.S.-based laptop farms have been leveraged by North Korea to ensure the employment of North Korean IT workers, who are mostly located in China or Russia, with the devices connected to various remote management tools, a report from Google's Mandiant showed.

Additional findings revealed that the workers not only had similar resumes with U.S.-based addresses and non-North American education credentials, most of which had poor English, but also had poor work quality.

Such a scheme, which was advanced by the UNC5267 threat operation, not only serves as a revenue-generating effort for North Korea but also enables critical network access that could facilitate extensive compromise, noted Mandiant Chief Technology Officer Charles Carmakal. Aside from conducting more extensive background checks and mandatory on-camera interviews for employees, organizations should also prohibit remote admin tools and VPN systems, said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.