Axios Codebook

May 21, 2024
Happy Tuesday! Welcome back to Codebook.
- 📆 Let the countdown to the first long weekend of summer begin!
- 📬 Have thoughts, feedback or scoops to share? [email protected].
Today's newsletter is 1,158 words, a 4.5-minute read.
1 big thing: North Korean IT workers charged with U.S. job scams
North Korean IT workers are posing as Americans to score coveted remote jobs and use the salaries to pay for their country's missile program.
Why it matters: Remote hiring practices have made it dangerously easy for North Korean IT workers to dupe hiring managers who historically had relied on in-person interviews to detect imposters.
- These issues could be exacerbated as AI technologies get better at creating more realistic deepfake video and audio.
Driving the news: Federal prosecutors charged an Arizona woman and four other people last week with facilitating an elaborate North Korea-linked scheme to help their IT workers pose as U.S. citizens and secure remote tech jobs.
- Workers landed jobs at more than 300 U.S. companies — including an aerospace manufacturer, a U.S. automaker, a Silicon Valley tech company and other Fortune 500 companies — as part of this specific scam.
- North Koreans used the identities of more than 60 U.S. people in their job applications and relied on virtual private networks to disguise their computers' actual locations. The workers are linked to the regime's Munitions Industry Department, which oversees its ballistic missiles and weapons production programs, according to the State Department.
- In total, this specific scheme generated at least $6.8 million in revenue.
What they're saying: "The scary part is that this is just sort of the tip of the iceberg," Greg Lesnewich, senior threat researcher at Proofpoint, told Axios.
- "This is probably happening around the world and at a greater scale than we might be prepared to deal with."
Threat level: The U.S. government has been warning American companies for at least two years about North Korean IT workers trying to get hired in remote jobs.
- The idea is simple: U.S. and other Western companies offer higher salaries, and posing as Americans can allow North Koreans to bypass U.S. and United Nations sanctions that otherwise keep them from being hired.
- Specifically, North Korean workers have been looking for freelance employment contracts in North America, Europe and East Asia, the U.S. has warned.
- Complicating matters, many of these North Korean IT workers have also been expatriates based in China and Russia.
Between the lines: It's easier to bypass traditional identity verification tactics when interviewing for a job through video and phone calls, Lesnewich noted.
- It can be tough for companies to determine when an employee's online activity is considered malicious, especially if they're a freelancer who is with the company for only short periods of time.
Zoom in: Generative AI tools have also made it easier for North Korean IT hires to craft believable resumes, Dmitri Alperovitch, co-founder and chairman of Silverado Policy Accelerator, said during a panel at the accelerator's summit this month.
- In one recent case, a worker created a resume that claimed they had worked at Amazon and Meta, and they aced the interview process and technical test, Alperovitch said.
- The only red flag was the person would take about 30 seconds to answer a question — which in a virtual world could just mean there was a lag on the call.
What we're watching: North Korea's cyber operations have always been trendsetters — and this latest scam could inspire other groups to follow suit, Alperovitch warned.
- "North Korea is a pioneer in the U.S. right now for collecting a paycheck," he said. "It's a matter of time before ransomware crews, other nation-states pick this up."
2. Google claps back against Microsoft
Google has published new security recommendations and a detailed white paper scrutinizing Microsoft's cybersecurity practices after a pair of nation-state attacks in the last year.
Why it matters: Google is trying to poach some of Microsoft's coveted government customers.
- Google is also offering a new Google Workspace program to help government customers move away from legacy systems like Microsoft's.
Driving the news: Ever since the release of the Cyber Safety Review Board's report on Microsoft's security practices, competitors have been lining up to take jabs at the Big Tech company.
- The CSRB wrote in April that last summer's Chinese hack into Microsoft's systems was "preventable and should never have occurred."
- CrowdStrike and Trellix both have pages on their websites dedicated to winning over Microsoft customers. CrowdStrike recently updated its page to include quotes from the CSRB's report.
Zoom in: Now, Google has joined the mix with a blog post released yesterday from Jeanette Manfra, Google Cloud's senior director of global risk and compliance, and Charley Snyder, Google's head of security policy.
- Google also published a 14-page white paper detailing how it assumes Microsoft was breached last summer and the security principles Google follows.
- The blog post details Google's "recommendations" for resolving the problems laid out in the CSRB report — each of which would benefit Google's own government services.
- Google wants the federal government to work with tech vendors other than Microsoft and to purchase products that already adhere to "secure-by-design" principles.
The big picture: Microsoft has been facing a deluge of scrutiny from lawmakers, government officials and competitors in the weeks since the CSRB report.
- House lawmakers are actively working with Microsoft to determine a date for a potential congressional hearing on the matter.
- Competitors have also been vocal about a decision the Pentagon is weighing to upgrade its Microsoft licenses as it transitions to zero-trust security principles.
The other side: Microsoft has already unveiled its plans to rectify some of the security issues that led to the recent breaches.
- Microsoft CEO Satya Nadella also sent a memo to staff directing them to prioritize cybersecurity over fast production cycles.
3. Catch up quick
@ D.C.
⚠️ The Environmental Protection Agency warned that cyberattacks against water utilities are becoming more frequent and more severe. (Associated Press)
🏛️ National consumer advocacy groups are hoping to model their state privacy lobbying efforts after the work done to pass Vermont's new, tough law. (Politico)
⛴️ State Department officials have been warning U.S. telecommunications providers that undersea cables could be vulnerable to tampering by a Chinese state-controlled repair company. (Wall Street Journal)
@ Industry
💰 Israel-based CyberArk is purchasing identity management company Venafi from Thoma Bravo in a deal valued at $1.54 billion. (TechCrunch)
🖥️ Microsoft unveiled a new Windows 11 feature called Recall that lets you find anything you ever looked at on your PC, but you can choose to exclude specific websites or apps. (Axios)
📡 Ukrainian telecom provider Kyivstar anticipates spending $90 million to recover from last year's suspected Russian cyberattack. (Reuters)
@ Hackers and hacks
🚔 The Department of Justice says agents recently arrested the alleged owner and operator of Incognito Market, a dark web marketplace known for selling narcotics online. (BleepingComputer)
🏥 Ascension, a nonprofit health care network that includes 140 hospitals, is facing five proposed class action lawsuits tied to the impact of its recent ransomware attack. (Bloomberg Law)
4. 1 fun thing
See, not all hacking is malicious — just ask these two UC Santa Cruz students, who found a flaw in an internet-connected laundry machine that lets them avoid paying for each load 🫡. (H/t to our friends at Axios AI+.)
☀️ See y'all Friday!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.
If you like Axios Codebook, spread the word.