North Korea's Employment of Artificial Intelligence in Remote Work Schemes Revealed in CrowdStrike Report - Over 320 Instances Documented in the Past Year, Financing the Nation's Arms Development

North Korea reportedly employs AI-generated personnel at tech firms to finance its arms development initiatives.

In a significant development, U.S. authorities and cybersecurity firm CrowdStrike have highlighted the growing threat of North Korea's AI-supported tech worker schemes in telecommunications and other tech companies. These schemes involve the use of AI-generated fake resumes, deepfake video identities, and AI-powered translation tools to secure remote employment and steal sensitive data.

To combat this threat, the following measures and recommendations have been proposed:

  1. Strengthening hiring processes: Employers are urged to enhance their hiring processes for remote employees, contractors, and vendors. This includes implementing more robust identity verification methods to detect fraudulent identities and resumes generated through AI.
  2. Increased vigilance and monitoring: Companies should remain vigilant and monitor their remote workers for suspicious activities such as unusual patterns in communication, code access, or multitasking across multiple jobs. These operatives often use generative AI to manage workflows and communications.
  3. Prompt reporting of suspicious activities: Any suspicious activities should be reported to law enforcement agencies, such as the U.S. Department of Justice, which actively disrupts these schemes.
  4. Voluntary self-disclosure to the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC): Companies are encouraged to voluntarily disclose if they suspect payments to North Korean IT workers or intermediaries to comply with sanctions and reduce legal risks.

These recommendations stem from CrowdStrike's research, which revealed over 320 investigated incidents over the past year where North Korean operatives obtained fraudulent employment. The U.S. Department of Justice has also confirmed that these workers have stolen proprietary data and source code and have extorted companies, causing millions in damages.

The hackers are using enhanced AI tools to automate and optimize their workflows, including GenAI-powered code assistants and translation tools. They are not fluent in English and often hold multiple jobs simultaneously. Google reported an uptick in activity related to these North Korean tech worker efforts in March.

Despite the efforts to expose these schemes, North Korea continues to get away with this activity. U.S. officials started issuing warnings about these schemes in 2022, and in July, the U.S. Justice Department made a flurry of arrests, sanctions, and investigations related to North Korea's fake tech workers.

CrowdStrike recommends implementing enhanced identity verification processes during the hiring phase and real-time deepfake challenges during interviews or employment assessment sessions to identify these imposter hackers. The imposter hackers are found working in various companies, including those in the North American telecommunications sector.

This issue is underscored by CrowdStrike's latest Threat Report, which also includes information about China's increased targeting of North American telecommunications companies and Russia's continued cyberespionage in support of its invasion of Ukraine.

These security measures incur additional costs, and it is expected that North Korea will find ways to circumvent them. Nevertheless, a coordinated defense strategy focusing on meticulous employee verification, heightened threat monitoring, inter-agency reporting, and regulatory compliance is crucial in mitigating the increasing threat of AI-enhanced North Korean cyber espionage and insider threat schemes within telecommunications and broader tech sectors.

In this context, it's vital to incorporate artificial-intelligence technologies into the hiring process to detect AI-generated fake resumes and identify potential imposter hackers. Furthermore, companies should utilize AI to monitor their remote workers for suspicious activities, as North Korean operatives are using AI-powered tools to optimize their workflows and steal sensitive data.
