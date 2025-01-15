North Korean IT Worker Scam

January 2025 by Secureworks®

Research from Secureworks® Counter Threat Unit™ has revealed links between the North Korean IT workers scheme and fraudulent Crowdfunding activity. The scam garnered around $20,000 and showcases an early fraudulent thread in the complex tapestry of North Korean cyber operations to raise funds for the isolated regime.

Rafe Pilling, Director of Threat Intelligence, Secureworks Counter Threat Unit

“Over the past 12 months we’ve seen the North Korean IT worker scheme evolve, leveraging deepfakes and AI. To counter state sponsored groups like NICKEL TAPESTRY, it’s crucial to understand not only how their tradecraft is changing, but also where it began. Businesses must stay vigilant and ensure they understand how best to mitigate this threat.”

Top 5 Tips for Safeguarding Your Hiring Process:

1. Verify Candidate Identity – Cross-check personal details like name, nationality, contact info, and work history with official documentation for consistency. Don’t skip this crucial step!

2. Watch for Red Flags in Interviews – In-person or video interviews are key. Keep an eye out for unusual behavior, such as long pauses or evasive answers, which could indicate fraud.

3. Stay Alert During Onboarding – Be cautious if candidates request address changes or ask to have paychecks routed through money transfer services. These are common red flags.

4. Limit Remote Access – Control access to company systems by restricting the use of unauthorized remote tools and ensuring only necessary systems are available to new hires.

5. Post-Hire Vigilance – Continue to monitor employees after hiring to confirm that the person who obtained the contract is the same one showing up for work. Consistency is key to avoiding fraud.