Dozens of Fortune 100 Companies Have Unwittingly Hired North Korean IT Workers (therecord.media)

"Dozens of Fortune 100 organizations" have unknowingly hired North Korean IT workers using fake identities, generating revenue for the North Korean government while potentially compromising tech firms, according to Google's Mandiant unit. "In a report published Monday [...], researchers describe a common scheme orchestrated by the group it tracks as UNC5267, which has been active since 2018," reports The Record. "In most cases, the IT workers 'consist of individuals sent by the North Korean government to live primarily in China and Russia, with smaller numbers in Africa and Southeast Asia.'" From the report: The remote workers "often gain elevated access to modify code and administer network systems," Mandiant found, warning of the downstream effects of allowing malicious actors into a company's inner sanctum. [...] Using stolen identities or fictitious ones, the actors are generally hired as remote contractors. Mandiant has seen the workers hired in a variety of complex roles across several sectors. Some workers are employed at multiple companies, bringing in several salaries each month. The tactic is facilitated by someone based in the U.S. who runs a laptop farm where workers' laptops are sent. Remote technology is installed on the laptops, allowing the North Koreans to log in and conduct their work from China or Russia.

Workers typically asked for their work laptops to be sent to different addresses than those listed on their resumes, raising the suspicions of companies. Mandiant said it found evidence that the laptops at these farms are connected to a "keyboard video mouse" device or multiple remote management tools including LogMeIn, GoToMeeting, Chrome Remote Desktop, AnyDesk, TeamViewer and others. "Feedback from team members and managers who spoke with Mandiant during investigations consistently highlighted behavior patterns, such as reluctance to engage in video communication and below-average work quality exhibited by the DPRK IT worker remotely operating the laptops," Mandiant reported.

In several incident response engagements, Mandiant found the workers used the same resumes that had links to fabricated software engineer profiles hosted on Netlify, a platform often used for quickly creating and deploying websites. Many of the resumes and profiles included poor English and other clues indicating the actor was not based in the U.S. One characteristic repeatedly seen was the use of U.S.-based addresses accompanied by education credentials from universities outside of North America, frequently in countries such as Singapore, Japan or Hong Kong. Companies, according to Mandiant, typically don't verify credentials from universities overseas.
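The indicators the report lists (remote-management tools on a corporate laptop, a laptop shipped somewhere other than the resume address, several laptops going to one address) are easy to check against data most companies already hold. The script below is an added example, not Mandiant's tooling or anything from the report; the endpoint inventory, HR records and the `triage` scoring rule are constructed for illustration, and the tool list would need tuning to whatever remote-access software a company actually sanctions.

```python
"""Triage of the hiring-fraud indicators named in the Mandiant report.

Added example with constructed data. Two sources a security team usually has:
  * an endpoint software inventory: (hostname, assigned user, installed packages)
  * HR onboarding records: resume address vs. laptop shipping address
"""

# Remote-management tools named in the report. Assumption: none of them is
# sanctioned on this company's laptops; adjust to local policy.
REMOTE_TOOLS = {
    "logmein", "gotomeeting", "chrome remote desktop", "anydesk", "teamviewer",
}

# Constructed sample inventory (not real hosts or users).
INVENTORY = [
    ("lt-0412", "jdoe", ["Microsoft Office", "Slack", "AnyDesk"]),
    ("lt-0413", "asmith", ["Microsoft Office", "Slack", "Visual Studio Code"]),
    ("lt-0414", "rlee", ["TeamViewer", "Chrome Remote Desktop", "Git"]),
]

# Constructed HR records: address on the resume vs. where the laptop was shipped.
HR_RECORDS = [
    {"user": "jdoe", "resume_address": "12 Elm St, Austin TX",
     "ship_address": "980 Warehouse Rd, Nashville TN"},
    {"user": "asmith", "resume_address": "5 Oak Ave, Denver CO",
     "ship_address": "5 Oak Ave, Denver CO"},
    {"user": "rlee", "resume_address": "77 Pine Ct, Seattle WA",
     "ship_address": "980 Warehouse Rd, Nashville TN"},
]


def normalize(text):
    """Lower-case and collapse whitespace so naive string compares work."""
    return " ".join(text.lower().split())


def remote_tool_hits(inventory):
    """Return {hostname: [tools]} for hosts with a listed remote tool installed."""
    hits = {}
    for host, _user, packages in inventory:
        found = sorted(p for p in packages if normalize(p) in REMOTE_TOOLS)
        if found:
            hits[host] = found
    return hits


def address_mismatches(records):
    """Users whose laptop shipping address differs from the resume address."""
    return [r["user"] for r in records
            if normalize(r["resume_address"]) != normalize(r["ship_address"])]


def shared_ship_addresses(records):
    """Shipping addresses used by more than one hire (laptop-farm indicator)."""
    by_addr = {}
    for r in records:
        by_addr.setdefault(normalize(r["ship_address"]), []).append(r["user"])
    return {addr: users for addr, users in by_addr.items() if len(users) > 1}


def triage(inventory, records):
    """Collect indicators per user; two or more means manual review (our rule)."""
    host_user = {host: user for host, user, _ in inventory}
    reasons = {}
    for host, tools in remote_tool_hits(inventory).items():
        reasons.setdefault(host_user[host], []).append(
            f"remote tool on {host}: {', '.join(tools)}")
    for user in address_mismatches(records):
        reasons.setdefault(user, []).append(
            "laptop shipped to an address not on the resume")
    for users in shared_ship_addresses(records).values():
        for user in users:
            reasons.setdefault(user, []).append(
                f"shipping address shared with {len(users) - 1} other hire(s)")
    return {u: r for u, r in reasons.items() if len(r) >= 2}


if __name__ == "__main__":
    for user, why in triage(INVENTORY, HR_RECORDS).items():
        print(user)
        for line in why:
            print("  -", line)
```

On the constructed data, `jdoe` and `rlee` each collect all three indicators and `asmith` none; in practice the address checks are the cheap, high-signal ones, since a remote tool alone is common on legitimate machines.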
Further reading: How Not To Hire a North Korean IT Spy

  • Companies don't want to hire U.S. workers because they cost too much.

    Companies seek out contractors.

    Companies don't use humans to verify resume or CV, instead relying on software to filter candidates.

    Companies can't be bothered to do a simple face-to-face interview of the contractors they hire.

    Companies find out they've been hiring North Koreans.

    Perhaps instead of trying to be efficient, companies could try to be thorough.

    • contractors are easier to fire, don't have max hours rules, have no OT pay

    • I really wonder what fortune 500 company is not doing face-to-face interviews, even over zoom. Seems like this should be really easy to filter out.
      • by vlad30 ( 44644 )

        I really wonder what fortune 500 company is not doing face-to-face interviews, even over zoom. Seems like this should be really easy to filter out.

        Every company that started to practice Diversity Equity and Inclusion (DEI) started to not do in person interviews in order to hide the race name photo of the person including voice changers to hide accents or other qualities to make the process more fair. My wife was on a DEI committee as the minute taker she stopped suggestions when they didn't listen. She quit it after seeing the results. My wife's now former company is now suffering badly with those hires all of those things also hid the body language t

    • by vbdasc ( 146051 )

      Perhaps instead of trying to be efficient, companies could try to be thorough.

      Try explaining that to a bean counter. Or to a shareholder.

  • is that we didn't invent stupid. We're just more aware of our own more than the other guy's.

    For every one of these, there's the Russian Army supply depot that bought cheap shit Chinese truck tires that turn to dust, the Chinese nuclear submarine that sinks under construction, and the North Koreans can't even feed themselves.

    • by vbdasc ( 146051 )

      the North Koreans can't even feed themselves.

      They actually can, it's just that for them food is lower priority than weapons.

      Only the food for comrade Kim is higher priority than weapons.

  • You're talking about getting a competent IT person for a fraction of the price. I'm sure they're more than happy to hire them. Sure it's a gamble it might be somebody who's trying to steal some company secrets but a lot of these companies don't really have any secrets worth stealing and it's easy enough to silo workers nowadays anyway.

    The simplest background checks in the world would have set off dozens of red flags here and I'm sure that they were done and that they did and that the company ignored the
  • And they admitted to finding.

    It's only safe to assume it's a lot worse. The ones they haven't found are a much bigger problem.

  • So, I had a short-term software dev job that needed to be done and a limited budget. I advertised it on upwork. It paid $60/hour. I initially limited it to US only. Nobody applied. I wasn't surprised. The requirements were tough. People with the matching skills make $200/hr in the US. I then removed the geography limit and I had about 100 people apply. I interviewed 8 people. A surprising number of them were Asian-looking people pretending to be from somewhere else. A popular thing was to pre
