North Korean Hackers are Using Fake Identities to Land Remote Jobs: How to Protect Your Company
Security Boulevard • 11 months ago

Summary:

  • North Korean IT workers are using fake identities to gain remote employment and access sensitive company data.

  • Hackers create convincing online profiles with impressive resumes and work histories to appear legitimate.

  • They often use stolen identities and target remote roles to avoid face-to-face interactions.

  • Companies should conduct in-person interviews, thorough background checks, and verify references carefully.

  • Implement general awareness training for employees on identifying suspicious activity and utilize open-source intelligence tools to gain a broader view of potential threats.


Remote work has revolutionized how we work, but it also presents new security challenges. In a recent revelation, a US security awareness training company discovered that it had unknowingly hired a North Korean hacker who used a stolen identity to obtain a remote Principal Software Engineer position. This isn't an isolated incident. North Korean IT workers are actively using fake personas and stolen identities to infiltrate companies in the US and gain access to sensitive data.

How are they doing it?

  • Crafting Convincing Personas: These hackers create detailed online profiles, often with impressive resumes and work histories, to appear legitimate. They may even have accounts on professional networking platforms and freelance websites.
  • Exploiting the Remote Hiring Process: By using stolen identities and focusing on remote roles, they can avoid face-to-face interactions that would expose their true identity.
  • Leveraging Social Engineering: Hackers use social engineering tactics to manipulate companies into hiring them and sending work equipment to different addresses.

What Can You Do to Protect Your Company?

Applicant Screening:

  • In-Person Interviews: Conduct in-person or on-camera interviews as part of the hiring process. This helps verify the candidate's identity and demeanor.
  • Thorough Background Checks: Verify employment history, education, and references thoroughly. Be wary of applicants who list only major companies in their history.
  • Online Presence Check: Conduct a detailed review of the applicant's online presence. Look for consistency in name, appearance, work history, and education.
  • Mandatory Onboarding: Require in-person onboarding for new remote hires to ensure they are who they claim to be.
  • Address Verification: If the applicant changes their mailing address after accepting an offer, verify the new address is linked to the individual.

Reference Screening:

  • Thorough Contact Information: Collect and retain all contact information for references provided by the applicant.
  • In-Depth Interviews: Conduct in-depth interviews with references to gain a comprehensive understanding of the applicant's capabilities and work experience.

Other Best Practices:

  • Awareness Training: Implement general awareness training for all employees on identifying and reporting suspicious activity.
  • OSINT Research: Use open-source intelligence (OSINT) tools to supplement internal system monitoring and gain a broader view of potential threats.

It's crucial to stay vigilant and implement robust security measures to protect your company from this growing threat. By understanding the tactics used by these hackers and taking proactive steps, you can minimize the risk of becoming a victim.

About Nisos

Nisos is a managed intelligence company specializing in digital investigations to help protect organizations from threats. Their services help security, legal, and intelligence teams make critical decisions and minimize the impact of potential breaches.

To learn more about Nisos, visit their website: https://www.nisos.com
