Identity Theft and Use of Generative AI and Laptop Farms
Targeting Broadcasters, Technology, and Defense Companies
A warning has been issued about ‘fake IT workers’ originating from North Korea. North Korean IT workers are using generative artificial intelligence (AI) to disguise themselves as Americans and secure remote jobs at U.S. companies. This trend has expanded further as remote work has increased since the COVID-19 pandemic.
On the 5th (local time), The Wall Street Journal (WSJ) reported that the cybersecurity company KnowBe4 hired a remote worker named Kyle in July, who was later revealed to be a disguised North Korean IT worker.
Stu Sjouwerman, CEO of KnowBe4, stated that Kyle was hired based on a recommendation from a third-party recruitment site. Kyle was proficient in the programming languages required by the company and appeared passionate and honest during the video interview.
However, on Kyle’s first day, internal security alerts detected an attempt to deploy malicious software on the company’s servers. KnowBe4 identified Kyle as a fake job applicant and reported the case to the Federal Bureau of Investigation (FBI). It was discovered that the photo posted on Kyle’s LinkedIn profile had been manipulated using generative AI.
According to industry sources, the number of disguised North Korean IT workers has surged over the past two years. U.S. government officials and security researchers have stated that with the rise of remote work after COVID-19 and advancements in generative AI, North Korean workers have stolen identities to secure hundreds or thousands of IT jobs. WSJ noted, “In the past, North Korea stole intellectual property through cyber spies, but now, instead of simply hacking networks, they secretly work remotely and receive salaries.”
Tech startup Cynder reported receiving dozens of fake applications since early 2023, estimating that up to 80% of applications on some recruitment sites were from North Korean agents using stolen identities. Declan Cummings, Cynder’s head of engineering, mentioned that some applicants cut off contact when Cynder’s co-founders mentioned their past work at the U.S. Central Intelligence Agency (CIA) during interviews.
Disguised North Korean workers use ‘laptop farms’ operated by intermediaries in the U.S. to avoid suspicion from companies. Using laptop farms makes it appear as if they are accessing the company’s internal servers from within the U.S.
Last month, U.S. federal prosecutors announced the arrest of Matthew Nutt from Tennessee on charges of operating a laptop farm from his home and receiving commissions. North Korean IT workers have used this method to gain employment in media, technology, and financial companies.
Google Cloud Mandiant shared over 800 email addresses suspected to belong to North Korean IT workers with private sector security partners earlier this year. About 10% of these accounts were used for job hunting between February and August, and they engaged in 236 conversations with recruiters.
In May, federal prosecutors charged a woman residing in Arizona and a Ukrainian man with operating a laptop farm that helped North Korean IT workers secure jobs at more than 300 U.S. companies. During this process, North Korean IT workers stole the identities of over 60 Americans and transferred $6.8 million (approximately 910 million KRW) in earnings to North Korea. Their targets included broadcasters, Silicon Valley tech companies, aerospace and defense firms, automobile manufacturers, and media companies.
According to the U.S. Department of Justice, North Korea secures hundreds of millions of dollars annually through these activities, evading international sanctions to fund nuclear weapons and ballistic missile development.
In March, the United Nations Security Council’s North Korea Sanctions Committee expert panel estimated that North Korean IT workers earn approximately $250 million (about 333.6 billion KRW) to $600 million (about 800.7 billion KRW) annually through these means.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.


