Reuters on Tuesday published disturbing revelations about how thousands of North Koreans were able to get jobs at foreign high-tech companies using fake names, fake profiles on services like LinkedIn, and interview scripts designed to make them look like they are not subjects of a psychotic communist tyranny.
The Justice Department acknowledged Wednesday that a major investigation into the scheme has been underway for some time.
There is an element of black comedy in the Reuters report, which made it sound as if it were very easy for dictator Kim Jong Un’s serfs to fool Western human resources departments into thinking they were legitimate job applicants from free countries.
For example, reporters obtained canned interview scripts that ordered North Koreans to say things like, “People have the freedom to express their ideas and opinions!” to tell interviewers exactly what they wanted to hear about a healthy “company culture.” The script included various prepared excuses as to why the disguised North Korean applicant would need to work in a remote location.
Combined with convincing fake resumes and doctored social media profiles, such tactics were enough to defeat the vetting processes of countless information technology companies.
The interview scripts were uncovered by an American cybersecurity company called Palo Alto Networks, which was investigating a plot by hackers to trick software companies into installing malware on their systems by posing as job applicants. Palo Alto researchers have dubbed this tactic “contagious interviewing.”
A contagious interview attack typically begins with a fake job applicant convincing an employer to interview them online using the hacker’s video conferencing platform of choice, typically GitHub, a popular collaboration platform. Employers who accepted this offer found themselves downloading a package of malware disguised as “Click here to connect” software.
Some of the Contagious Interview hackers were also reportedly able to persuade potential employers to download and install the software they created in order to evaluate the quality of their coding work. In both scenarios, the employee unknowingly allowed the hacker to open a backdoor into the system and do further mischief.
An examination of the infrastructure built to support the still-threatening “Contagious Interviews” campaign suggests that it was designed and sponsored by the North Korean government.
In the course of conducting this investigation, Palo Alto Networks discovered another North Korean program called Wagemole, which is even more bizarre and ambitious. Wagemole involved fake North Korean applicants actually accepting jobs with companies in the US, Europe, and Asia and working remotely, as has become more common since the Wuhan coronavirus pandemic.
Cybersecurity detectives have uncovered a “trove of information” used in the Wagemole campaign. It includes “resumes with various technical skill sets and multiple identities impersonating individuals from different countries,” as well as “common job interview questions and answers, interview scripts, and downloadable job postings from a US company.”
Palo Alto Networks has discovered a cache of data accidentally left unsecured by North Korean hackers. It included “identification documents for 14 people, forged U.S. green cards, interview scripts, and evidence that some workers purchased access to legitimate online profiles to look more like the real thing.”
North Korean leader Kim Jong Un and his daughter inspect a missile launch site at Pyongyang International Airport in Pyongyang, North Korea, Friday, November 18, 2022. (Korean Central News Agency/Korea News Agency, Associated Press)
Although researchers could not determine whether Wagemole operatives were planting malware on their employers’ systems or stealing intellectual property, it seemed clear that a significant portion of their salaries had been seized by the Pyongyang regime for its own use, including funding for its illegal nuclear missile program.
A North Korean IT worker who participated in the Wagemole project told Reuters that he and his comrades were expected to find jobs paying at least $100,000 a year. The communist regime skimmed off at least 30 percent of workers’ wages and charged up to an additional 60 percent for “expenses,” leaving workers with between 10 and 30 percent of their income, which is still far more than they could earn in North Korea.
“I worked to earn foreign currency. It differs from person to person, but once you get a job, you can basically work remotely for as little as six months or as long as three to four years. I can’t find a job. It’s time to go freelance,” he said.
Reuters said it had found “further evidence in leaked dark web data” that North Koreans were fraudulently securing jobs in “Chile, New Zealand, the United States, Uzbekistan and the United Arab Emirates.” A security firm called Constella Intelligence discovered one North Korean who had active accounts on more than 20 different websites for IT freelance workers.
The obvious risk for North Korea was that sending its captured citizens to work for foreign tech companies could expose them to challenging ideas and forbidden news, but North Koreans told Reuters the risk was reduced through extensive training and monitoring.
The United States Department of Justice (DOJ) announced on Wednesday that “thousands” of IT workers contracted by U.S. companies had “sent millions of dollars of their wages to North Korea for use in its ballistic missile program.”
At a press conference in St. Louis, FBI officials said that some North Korean IT workers are actually based in China and Russia, and that their purpose is “deceiving companies in the United States and elsewhere into hiring them as freelance remote employees.” This presumably helps them evade security measures that could detect emails and online connections originating from North Korea.
FBI Special Agent Jay Greenberg said some North Koreans took the additional step of “paying Americans to use their home Wi-Fi connections” to defraud their employers.
Greenberg said it is “likely” that every U.S. company that employs freelance IT workers employs at least one North Korean under false pretenses.
“At a minimum, the FBI recommends that employers take additional proactive steps with remote IT employees to make it harder for malicious actors to hide their identities,” he said.
The Department of Justice announced that 17 domain names and $1.5 million in funds were seized as part of the investigation.
The Associated Press (AP) pointed out, as evidence that the U.S. government was aware of North Korea’s plans long before Palo Alto Networks exposed the data trove, that the State Department and the Treasury Department had warned in May 2022 that North Koreans were “trying to obtain employment under false pretenses” by posing as non-North Korean citizens.
John Hultquist, a cybersecurity expert at Mandiant, said the plan started at least a decade ago, but accelerated after the coronavirus pandemic.
“In a post-COVID world, I think there will be more opportunities for them because freelancing and remote employment are a much more natural part of business than they were before,” Hultquist told The Associated Press.