North Korean hackers are increasingly using AI tools to help scam their way into remote IT jobs.
Okta, which provides sign-in services for thousands of businesses, has been investigating what online services North Koreans use to help them secure remote IT jobs, despite US sanctions. Its findings, released today, suggest that North Koreans are leaning on generative AI services to find jobs, apply for them, and support them during the interview process.
Okta paid special attention to the middle-men “facilitators” that North Koreans hire to help them nab the jobs. For example, federal investigators arrested two US citizens in January for doing just that. Last year, another man in Nashville, Tennessee, was arrested for running a “laptop farm” to help North Korean workers pretend to be US-based IT workers.
Okta says these facilitators have been found using a variety of generative AI services that can help streamline the North Korean’s fraudulent activities. For instance, one AI service offered “unified messaging,” letting a user manage multiple mobile phone accounts, instant messaging accounts. and email accounts.
In other cases, facilitators used “services that provide ‘AI Superpowers’ to job applicants to help them ‘outsmart employers’ robots,’ in order to improve the chances of a job application successfully progressing past the automated CV/resume scans used in recruiting platforms,” Okta said.
The research also spotted the facilitators accessing services that offer AI programs that can conduct mock interviews and provide tips on how to improve. Okta suspects the North Koreans were also using these services to test-run their AI-powered deepfakes, which can mask their real identity during a video call. Increasingly, HR firms have spotted scammers using such deepfakes to face-swap their identity, even during real-time video calls.
“The scale of observed operations suggests that even short-term employment for a few weeks or months at a time can, when scaled with automation and GenAI, present a viable economic opportunity for the DPRK [Democratic People’s Republic of Korea],” Okta concluded.
Recommended by Our Editors
According to federal investigators, North Koreans are obtaining the remote IT jobs to generate funds for their country’s government. In some cases, the North Koreans will even steal confidential data from their employer and demand a ransom. In response, the FBI and cybersecurity vendors are urging companies to strictly vet candidates for remote jobs.
Okta didn’t elaborate on how it investigated the fraudulent remote IT worker schemes. But the report mentions that it was able to observe such activities through Okta login pages.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Michael Kan
Senior Reporter
