Fake IT worker schemes expand beyond North Korea
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Aïda Amer/Axios
A second cybersecurity company has detected a fake IT worker trying to infiltrate its ranks — but this time, the job applicant wasn't from North Korea.
Why it matters: Officials have been focused on the threat North Korea-based IT workers pose to U.S. companies.
- But the latest case study suggests bad actors are now taking up North Korea's tactics to conduct espionage or finance their own government programs.
The big picture: Since 2022, the U.S. government has been warning that North Korean IT workers are posing as Americans to evade sanctions and land coveted, high-paying remote jobs to help pay for the country's missile program.
- These job applicants often steal legitimate Americans' identities and use AI tools to obfuscate their voices or change their likenesses in video calls to go undetected.
Driving the news: HYPR, an identity protection and passwordless provider, said in a blog post Thursday that after doing multiple live video interviews, it hired someone who was posing as an Eastern European software engineer.
- However, the company spotted several red flags while onboarding the person: He submitted documents from a location at least 300 miles from his reported home address. He declined to appear on video during calls. And he failed a separate facial recognition test.
- The employee ended up leaving the role before HYPR could finish onboarding him or even provide any login credentials for its systems, according to the blog post.
Catch up quick: KnowBe4, a popular cybersecurity training platform, fell victim to a North Korean IT worker scam in July.
- In that case, the employee received a corporate laptop and attempted to transfer suspicious files.
What we're watching: Insider threats have become a top concern across the cybersecurity, cryptocurrency and AI industries.
- How widespread these threats are has yet to be determined.
