TechRadar
Benedict Collins

North Korea accounts for almost half of all attacks against tech industry – and the proceeds go straight into developing new weapons of mass destruction for the Hermit Kingdom

  • North Korea is responsible for almost half of tech sector cyber intrusions
  • IT worker campaigns are hard to spot thanks to AI enhancement
  • The funds are being used to help develop new WMDs

A new CrowdStrike report has found nearly half (47%) of state-sponsored attacks against US tech companies came from a single North Korean group.

The group, tracked as Famous Chollima, has launched a string of fake IT worker schemes that use AI tools to enhance the personas of applicants.

The funds from successful intrusions are a welcome addition to the nation’s highly industrialized economy, and are subsequently used to develop and procure weapons of mass destruction for Kim Jong Un’s regime.

IT salaries paid to develop nukes

North Korea has long relied on cyber activity as a source of funds, with sanctions against the country and a closed economy resulting in the country being dubbed the ‘Hermit Kingdom’.

Reports of North Korea sneaking into businesses via IT worker applications have been widespread, but the scale of North Korea’s cyber activity has not been fully understood, until now.

The tiny country with its highly developed cyber-arm has a number of notorious groups, such as the Lazarus Group, but many of the IT worker attacks have been attributed to Famous Chollima.

The group conducts its activities by applying for remote tech jobs at western tech firms. They use AI tools to generate new personas, including images, which are then tied to stolen documents such as passports and driving licenses in order to pose as nationals of their target country.

If successful, the job provides the fake worker with a salary that is often thousands of times higher than that of the average North Korean, with the funds being appropriated by the state. The workers also steal intellectual property and secrets from the companies they work for, using them to advance the regime’s own tech industry or to launch further attacks against their employer.

Upon being exposed, many of the workers will threaten to reveal their identity unless they are paid a fee, which a company might pay to avoid the negative effects of having hired a sanctioned individual.
