The Wall Street Journal reported on Sept. 5 that North Korean spies are infiltrating U.S. companies by disguising themselves as remote workers, deploying malware, and earning dollars.

North Korean spies have been infiltrating U.S. companies by concealing their identities and going through official hiring processes. Many companies unknowingly hire these operatives, only discovering their true identities later. This trend has become more frequent with the rise of remote work during the coronavirus pandemic.

The Wall Street Journal (WSJ) reported on Sept. 5 that North Korean agents are now being secretly employed as remote workers in the United States rather than merely hacking into networks.

In July, KnowBe4, a cybersecurity company based in Clearwater, Florida, hired someone who identified himself as Kyle through a video interview. Kyle performed well in the interview, answering questions about his strengths, weaknesses, and future learning goals in English. He also posted a professional-looking photo on LinkedIn. After passing the hiring process, Kyle requested that the company ship a laptop to an address in Washington state. On his first day, he attempted to deploy malware within the company, triggering an internal security alert.

The company reported the incident to the Federal Bureau of Investigation (FBI), which discovered that Kyle’s LinkedIn photo was AI-generated and that he was actually in North Korea. The FBI also found that a middleman in Washington state had assisted Kyle’s operation. WSJ noted that “job seekers traced to North Korea have surged in the past two years,” adding that North Koreans are exploiting the post-COVID remote work boom and advances in AI to secure positions at U.S. companies using stolen foreign identities.

According to the U.S. Department of Justice, North Korea has adopted this method to earn cash abroad, as traditional revenue sources such as illegal arms sales have become increasingly difficult due to international sanctions and the pandemic. The funds acquired through these schemes are used to develop nuclear and ballistic missile programs.

WSJ reported that earlier this year, Google Cloud’s cyber threat division shared nearly 800 email addresses suspected to belong to North Korean IT workers with private security partners. Around 10% of these addresses were used in job applications between February and August, with 236 interactions with hiring managers confirmed. In May, federal prosecutors revealed that two individuals were charged with helping North Korean-linked figures gain employment at over 300 U.S. companies. They are accused of using at least 60 stolen identities to help these figures get hired and then transferring $6.8 million to Pyongyang. The targeted companies included Silicon Valley tech firms, U.S. auto manufacturers, and aerospace and defense companies.