Terrible new fronts have emerged in a very successful employment program in which trained North Korean workers get jobs at companies around the globe under fake or stolen identities.
The number of companies that hired North Korean software developers has grown an astonishing 220% in the past 12 months, and most of that success is due to automating and optimizing the workflow involved in obtaining technical jobs, according to CrowdStrike's 2025 threat report, unveiled on Monday. The IT workers infiltrated more than 320 companies in the past 12 months.
To level set: the North Korean IT worker program is a vast conspiracy to evade punishing financial sanctions on the Democratic People’s Republic of Korea, imposed because of authoritarian ruler Kim Jong Un’s human rights abuses and relentless pursuit of weapons of mass destruction. To avoid sanctions and make money to keep financing his nuclear program, North Korea now trains young men and boys in technology, sends them to elite schools in and around Pyongyang, and then deploys them in teams in four or five years, to places including China, Russia, Nigeria, Cambodia and the United Arab Emirates.
Workers must earn 10,000 US dollars per month, according to a defector, and have managed to do so by holding remote jobs at US and European companies while earning good salaries, court files show. Since 2018, according to estimates, the program has generated between 250 and 600 million US dollars a year on the backs of thousands of North Korean men.
For the Fortune 500, the IT worker program has been a flashing red warning about the evolution of employment fraud schemes. Court files show that hundreds of Fortune 500 companies have unknowingly hired thousands of North Korean IT workers in recent years. In some cases, the IT worker scheme is all about creating stable income for the regime. In other cases, FBI investigators have found evidence that IT workers share information with more malicious hackers, who have stolen almost 3 billion US dollars in crypto, according to the United Nations.
Under victory
CrowdStrike's investigation showed that North Korea’s technology workers, an adversary CrowdStrike calls “Famous Chollima,” used AI to scale every aspect of the operation. The North Koreans used generative AI to help them create synthetic identities, alter photos, and build technical tools to research jobs and to track and manage their applications. In interviews, the North Koreans used AI to mask their appearance in video calls, guide them in answering questions, and get through the technical coding challenges associated with obtaining software jobs.
They now rely critically on AI to help them be more fluent in English and more conversant with the companies interviewing them. Once they have been hired, the IT workers use AI chatbots to support their daily work, such as responding to messages and drafting e-mails, to ensure that their written output sounds technically and grammatically correct and to help them hold several jobs at the same time, CrowdStrike found.
“Famous Chollima employees are very likely to use real-time detail technology to hide their true identities in video interviews,” the report says. “With a real-time envelope plausible, a single operator can involve various synthetic personas for the same position several times to improve the chances that the operator will be set.”
CrowdStrike investigators have observed the North Korean IT workers searching for AI face-swap applications and paying premium prices for subscriptions to deepfake services during active operations.
“Laptop farms” move beyond US borders
Adam Meyers, senior vice president of counter operations at CrowdStrike, told Assets that his team generally investigates an incident a day connected to the North Korean IT worker program. The program has expanded beyond the US as US law enforcement cracked down on domestic operations with charges and advisories, and as more US companies have tightened their security practices and strengthened their defenses.
Last month, in July, a 50-year-old Arizona woman, Christina Chapman, was sentenced to 8.5 years in prison after pleading guilty for her role in operating a “laptop farm” from her house. Prosecutors said she had received and maintained 90 laptops and installed remote-access software so that North Koreans could work for US companies. The authorities disclosed that Chapman’s operation alone helped the workers obtain 309 jobs that generated income of $17.1 million through their salaries. Almost 70 Americans had their identities stolen in the operation, the authorities said. The scheme did not target only smaller companies with lax hiring infrastructure. Nike was one of the affected companies, according to a victim statement in Chapman's case. The sneaker and activewear giant unintentionally hired a North Korean operative associated with Chapman. Nike did not respond to Assets' requests for comment.
“The US criminal prosecution authorities have their ability to operate the laptop farms, so that it is becoming more and more expensive or more difficult to get remote jobs in the United States,” she said to other places. “You get more traction in Europe.”
Meyers said that CrowdStrike found new laptop farms from Western Europe to Romania and Poland, which means that for the North Korean workers' jobs in these countries, the laptops are typically delivered to farms in those same countries. The scheme is the same as in the United States: an allegedly Romanian or Polish developer will interview with a company, and a laptop is delivered in those countries to a known laptop farm destination, he said. In other words, instead of shipping devices and onboarding materials to an actual residence where the supposed developer works, the laptop is sent to a well-known farm address in Poland or Romania. As a rule, the excuse is the same type that has proven effective against US companies, said Meyers. The developer will claim to have a medical or family emergency that requires a change in the shipping address.
“Companies have to remain vigilant if they hire abroad,” said Meyers. “You have to understand that these risks exist not only in Germany, but also overseas.”
AI progress will neutralize the defense
Amir Landau, head of the malware research team at the defense company CyberArk, told Assets that traditional cyber defenses will ultimately not be sufficient against the threat posed by the North Koreans' use of GenAI to break through companies' defenses. What companies have to do to defend themselves therefore requires a fundamental change in thinking about how much trust and access companies give their own employees.
The military and intelligence principle of “need to know,” which dates to World War II, is becoming more important, said Landau. Not every developer must have knowledge of, or access to, certain assets or documents for a certain period of time, he said.
Landau also advocates minimal, time-limited privileges for developers, giving them a short window of time to do their work instead of unlimited access that could ultimately leave a company vulnerable.
Landau also said that companies should take some additional common-sense measures in the hiring process. If an applicant gives a reference, do not call the telephone number or send a message to the e-mail address you are given. Look the reference up yourself and get in touch using the contact details you find in public databases, he advised. If someone sounds bizarre or inconsistent, pay attention. Use the Internet to verify whatever you can find out.
“There are many small things that you can do to defend yourself against these threats,” he said.
And ultimately, while small companies are usually more susceptible, that does not mean larger companies are not susceptible to fraud schemes, said Landau. Meyers said that as long as IT workers can find work, they will continue to evolve their tactics using GenAI.
“Basically, these are exploited people from North Korea who make money for the regime,” said Meyers. “As long as you can continue to achieve income, you will continue to do so.”