October 5, 2025

Infiltrations by North Korean IT workers have exploded by 220% in the last 12 months, with GenAI weaponized at each stage of the hiring process




Terrifying new fronts have emerged in a highly successful employment fraud program in which trained North Korean agents obtain jobs at companies around the world under false or stolen identities.

The number of companies that have hired North Korean software developers has increased by 220% in the past 12 months, and most of their success is due to automating and optimizing the workflow involved in fraudulently obtaining and holding technology jobs, according to the CrowdStrike threat hunting report published on Monday. IT workers have infiltrated more than 320 companies in the past 12 months.

To level set: the North Korean IT worker program is a vast conspiracy to evade the financial sanctions imposed on the Democratic People’s Republic of Korea over the human rights violations of authoritarian ruler Kim Jong Un and his relentless quest to develop weapons of mass destruction. To dodge sanctions and earn money to keep financing its nuclear program, North Korea now trains young men and boys in technology, sends them to elite schools in and around Pyongyang, then deploys them in teams of four or five to locations around the world, including China, Russia, Nigeria, Cambodia and the United Arab Emirates.

Workers are each required to earn $10,000 a month, according to a defector, and have managed to do so by obtaining remote jobs with U.S. and European companies while earning good wages, according to court records. Since 2018, the UN estimates that the program has generated $250 million to $600 million a year on the backs of thousands of North Korean men.

For the Fortune 500, the IT worker program has been a flashing red alert on the evolution of employment fraud schemes. Court filings show that hundreds of Fortune 500 companies have unknowingly hired thousands of North Korean IT workers in recent years. In some cases, the IT worker scheme consists only of generating stable income for the regime. In others, FBI investigators have found evidence that IT workers share information with more malicious hackers who have stolen nearly $3 billion in crypto, according to the UN.

Under the victory

CrowdStrike’s investigations have revealed that North Korea’s technology workers, an adversary CrowdStrike dubs “Famous Chollima,” have used AI to scale every aspect of the operation. The North Koreans have used generative AI to help them forge thousands of synthetic identities, alter photos, and build technology tools to search for jobs and to track and manage their applications. In interviews, the North Koreans have used AI to mask their appearance on video calls, guide them in answering questions, and pass the technical coding challenges associated with getting software jobs.

Above all, they now rely on AI to help them appear more fluent in English and knowledgeable about the companies they interview with. Once hired, the IT workers use AI chatbots to help with their daily work, such as responding in Slack and writing emails, to ensure that what they write appears technically and grammatically sound, and to help them hold down several jobs simultaneously, CrowdStrike said.

“Famous Chollima operatives most likely use real-time deepfake technology to hide their real identities in video interviews,” the report said. “The use of a real-time deepfake allows a single operator to interview for the same position several times using different synthetic characters, improving the chances that the operator is hired.”

CrowdStrike investigators have observed North Korean IT workers searching for AI face-swapping applications and paying premium prices for subscriptions to deepfake services during active operations.

“Laptop farms” move beyond U.S. borders

Adam Meyers, senior vice president of CrowdStrike’s counter adversary operations, told Fortune his team generally investigates one incident per day linked to the North Korean IT worker program. The program has expanded beyond U.S. borders as U.S. law enforcement has cracked down on domestic operations with indictments and advisories, and as more and more American companies have tightened their security practices and strengthened their defenses.

Last month, a 50-year-old Arizona woman, Christina Chapman, was sentenced to 8.5 years in prison in July after pleading guilty for her role in operating a “laptop farm” from her home. Prosecutors said she had received and maintained 90 laptops and installed remote-access software so that the North Koreans could work for American companies. Authorities revealed that Chapman’s operation alone helped the workers obtain 309 jobs that generated $17.1 million in revenue through their salaries. Nearly 70 Americans had their identities stolen in the operation, authorities said. The scheme did not only target small businesses with loose hiring infrastructure; Nike was one of the companies affected, according to its victim impact statement in Chapman’s case. The sneaker and sportswear giant unknowingly hired a North Korean operative affiliated with Chapman. Nike did not respond to Fortune’s requests for comment.

“U.S. law enforcement has put a big dent in their ability to operate laptop farms, so as it becomes more and more expensive or difficult to obtain remote jobs here in the United States, they pivot to other places,” said Meyers. “They get more traction in Europe.”

Meyers said CrowdStrike has seen new laptop farms established in Western Europe in Romania and Poland, which means that North Korean workers obtain jobs, generally as full-stack developers, in these countries, and then have laptops shipped to the farms. The scheme works the same way it does in the United States: a supposedly Romanian or Polish developer will interview with a company, get hired, and a laptop will be shipped to a known laptop-farm destination in those countries, he said. In other words, instead of sending onboarding devices and materials to an actual residence where the supposed developer works, the laptop is shipped to a known farm address based in Poland or Romania. As a rule, the excuse is the same kind that has proven effective with American companies, Meyers said. The developer will claim to have a medical or family emergency requiring a change in the shipping address.

“Companies must remain vigilant if they hire abroad,” said Meyers. “They must understand that these risks exist not only at the national level, but also abroad.”
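The shipping pattern described above (a post-offer address change, and several hires' laptops converging on one destination) can be checked against onboarding shipment records. The following is an added example, not taken from the article or the CrowdStrike report; the record fields, sample addresses and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not real data): one row per onboarding laptop shipment.
SHIPMENTS = [
    {"hire": "dev-001", "verified_residence": "12 Example St, Warsaw, PL",
     "ship_to": "12 Example St., Warsaw, PL", "changed_after_offer": False},
    {"hire": "dev-002", "verified_residence": "5 Sample Rd, Krakow, PL",
     "ship_to": "77 Placeholder Ave, Unit 4, Lodz, PL", "changed_after_offer": True},
    {"hire": "dev-003", "verified_residence": "9 Test Blvd, Cluj, RO",
     "ship_to": "77 placeholder ave unit 4 lodz pl", "changed_after_offer": True},
    {"hire": "dev-004", "verified_residence": "3 Demo Ln, Bucharest, RO",
     "ship_to": "8 Other St, Bucharest, RO", "changed_after_offer": True},
]

def normalize(address):
    """Lowercase, drop punctuation and collapse spaces so near-identical addresses match."""
    cleaned = re.sub(r"[^a-z0-9 ]", " ", address.lower())
    return " ".join(cleaned.split())

def review_shipments(shipments, shared_threshold=2):
    """Return {hire: [reasons]} for shipments that warrant identity re-verification."""
    by_dest = defaultdict(set)
    for s in shipments:
        by_dest[normalize(s["ship_to"])].add(s["hire"])
    findings = {}
    for s in shipments:
        reasons = []
        dest = normalize(s["ship_to"])
        if dest != normalize(s["verified_residence"]):
            reasons.append("ship-to differs from verified residence")
            if s["changed_after_offer"]:
                reasons.append("address changed after offer")
        # Several distinct hires receiving devices at one address is the farm signature.
        if len(by_dest[dest]) >= shared_threshold:
            reasons.append("destination shared by %d hires" % len(by_dest[dest]))
        if reasons:
            findings[s["hire"]] = reasons
    return findings

if __name__ == "__main__":
    for hire, reasons in review_shipments(SHIPMENTS).items():
        print(hire, "->", "; ".join(reasons))
```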

Advances in AI will neutralize defenses

Amir Landau, head of the malware research team at the cyber defense company CyberArk, told Fortune that traditional cyber defenses will eventually become insufficient against the threat as the GenAI used by the North Koreans becomes advanced enough to get past companies’ defenses. Consequently, what companies must do to defend themselves requires a fundamental shift in thinking about how much trust and access companies grant to their own employees.

The military and intelligence principle of “need to know,” which dates from the Second World War, will become more important, Landau said. Not all developers need to know about or have access to certain assets or documents, even after being with a business for some time, he explained.

Landau also recommends minimal, time-limited privileges for developers, which gives them a short time window to do their work, rather than unlimited access that could eventually make a business vulnerable.

Landau also said companies should take additional common-sense measures in the hiring process. If a job seeker gives a reference, do not call the phone number or write to the email address given to you. Look the reference up and contact them through what you find in public databases, he advised. If someone’s personal information seems odd or inconsistent, be careful. Use the internet to check what you can find against what you have been told.

“There are a lot of little things you can do to defend yourself against these threats,” he said.

And ultimately, although small businesses are generally more vulnerable, that does not mean large companies are not also susceptible to fraud schemes, Landau said. Meyers said that as long as IT workers can find work, they will continue to evolve their tactics through the use of GenAI.

“They are mainly people exploited from North Korea, earning money for the regime,” said Meyers. “As long as they can continue to generate income, they will continue to do so.”

