You have a fake North Korean IT worker problem

Summary

By now, the North Korean fake IT worker problem is so ubiquitous that if you think you don't have any phony resumes or imposters in your interview queue, you're asleep at the wheel. "Almost every CISO of a Fortune 500 company that I've spoken to — I'll just characterize as dozens that I've spoken to — have admitted that they had a North Korean IT worker problem," said Mandiant Consulting CTO Charles Carmakal during a threat-intel roundtable, admitting that even Mandiant's parent company Google is not immune. "We have seen this in our own pipelines," added Iain Mulholland, Google Cloud's senior director of security engineering. "We've certainly seen applicants that fit into this category with various IOCs [indicators of compromise] that we've shared with partners and peers," Snowflake CISO Brad Jones told The Register. These types of scams, largely originating from North Korea, or at least funneling money back to Pyongyang, have cost American businesses at least $88 million over six years, the Department of Justice said last year. In some cases, the fraudsters use their insider access to steal proprietary source code and other sensitive data, and then extort their employers with threats to leak corporate data if not paid a ransom demand. As US-based companies become more aware of the fake IT worker problem, the job seekers are increasingly targeting European employers, too. Nearly all executives who spoke to The Register in recent months have seen a flood of these types of applicants applying for open positions, most of them in engineering and software development, and all of them remote work. In some instances, the scammers even used deepfake videos in attempts to get hired, including at a security company that uses AI to find vulnerabilities in code. "If they almost fooled me, a cybersecurity expert, they definitely fooled some people," Vidoc Security Lab co-founder Dawid Moczadło told us in an earlier interview. "We believe, at this point, every Fortune 100 and po...