Since disruptions began last year and law enforcement has publicly warned companies of the practice, DTEX’s Barnhart and others said they have seen some workers try to extort companies or hand off their access to more sophisticated North Korean hacking groups who deploy malware on company systems, steal data or siphon millions in cryptocurrency. At an RSA panel on Monday featuring FBI assistant director Bryan Vorndran and several other law enforcement officials, CrowdStrike’s Adam Meyers said they have seen situations where North Korean IT workers have spent up to 14 months inside an organization — often doing the work somewhat adequately. Mandiant’s Carmakal echoed many of Barnhart’s assessments during a Google press briefing, noting that in their incident response situations, they dealt with hackers who reached out to companies in extortion attempts using data that a suspected North Korean IT worker had obtained. Last October, as law enforcement disrupted laptop farms and warned companies of workers in their employee pool, many IT workers handed off their access to more senior officials who either conduct malware-focused cyberattacks or attempt to extort companies for a final payout. Recorded Future News spoke to and heard from dozens of people on every side of the issue — from incident responders helping companies that hired them to researchers embedded in the chat rooms where DPRK workers provide updates to senior officials. Charles Carmakal, CTO of Google security company Mandiant, said he has spoken to chief security officers at many Fortune 500 companies and nearly every one admitted they have hired at least one North Korean IT worker. Google officials noted that they have seen North Korean IT workers attempt to get hired at the company. “The thing that really worries us is that there are hundreds of Fortune 500 organizations that have hired these North Korean IT workers,” Carmakal said.
To illustrate this, cybersecurity expert Michael Barnhart said he recently found evidence that a U.S. political campaign in Oregon hired a North Korean IT worker. When the North Korean IT workers are initially fired, they demand access back before escalating to threatening the sale of sensitive data to competitors. “If you're hiring contract workers, you either are interviewing or have already hired a North Korean,” Rubin said. SAN FRANCISCO — North Korea’s ability to surreptitiously slip thousands of its workers into Fortune 500 companies was a main focus for cybersecurity professionals at this year’s RSA Conference. There are North Korean squads whose sole job is to get IT workers through every step of the hiring process, using AI to create the perfect resumes and providing answers during technical interviews.
This Cyber News was published on therecord.media. Publication date: Thu, 01 May 2025 19:50:15 +0000