To illustrate the scale of the financial benefits North Korea is achieving through the scheme, prominent cryptocurrency investigator Zachary Wolk, also known as ZachXBT, said a recent investigation found more than $16.5 million in cryptocurrency payments sent to accounts controlled by known North Korean IT workers since January 1, averaging out to nearly $3 million per month.

“Based on our review of the repository mentioned previously, North Korean IT workers appear to conduct identity theft and then use AI tools like Faceswap to move their pictures over to the stolen employment and identity documents,” Microsoft researchers said. Microsoft said it suspended 3,000 Outlook and Hotmail email accounts it believed were created by North Korean IT workers as part of a larger effort to help companies address the costly scheme. “We’ve also observed that they’ve been utilizing voice-changing software,” Microsoft explained in a blog post that coincided with two Justice Department indictments charging several North Koreans and at least two U.S. citizens for their role in the IT worker campaign.

The repository also contained resumes, email accounts used by the workers, guidelines on how to do their work using VPN accounts, playbooks on how to perpetrate identity theft, manuals on how to obtain jobs on freelancer websites, and information on payments made to facilitators. In October, Microsoft’s Threat Intelligence unit found a public repository containing actual and AI-enhanced images of suspected North Korean IT workers. The tech giant said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates.

This Cyber News was published on therecord.media. Publication date: Thu, 03 Jul 2025 14:20:10 +0000