"Are you sure? They're one of our top people"...North Korean operatives worked from home and collected salaries

[The Financial News] It has emerged that North Korean information technology (IT) operatives have been hired by major corporations in Europe, posing as remote workers and collecting large salaries. They reportedly made active use of artificial intelligence (AI) in the recruitment process, even creating avatars to sit for remote interviews.
Financial Times (FT) reported this on the 15th (local time). The report follows an announcement by the United States Department of Justice (DOJ) that, between 2020 and 2024, North Korean operatives posed as remote employees at more than 300 US companies and generated 6.8 million dollars (about 1 billion won) for the North Korean regime.
Jamie Collier, a senior adviser in Europe at the Google Threat Intelligence Group (GTIG), told FT, "This tactic has spread to Europe, and North Korean operatives have set up what are essentially 'laptop factories' in the UK to carry out these scams."
Collier noted, "Because hiring is not inherently viewed as a security issue, it is a vulnerable area within corporate systems. North Korean operatives have exploited that weakness," adding, "On one occasion, when we informed a client that one of their employees was actually a North Korean operative, the response was, 'Are you 100% sure? That person is one of our best employees.'"
Rafe Pilling, director of threat research at cybersecurity firm Sophos, also said, "These small North Korean units are targeting highly paid, fully remote technical roles," and stressed, "They repeatedly pose as professionals with around seven to ten years of experience, secure jobs, and then collect the wages."
North Korean operatives are believed to secure employment by meticulously stealing or forging identities. Methods include stealing LinkedIn accounts that have not been used for a long time or paying the account holders for access, then falsifying résumés and identity documents, and manipulating work histories by exchanging recommendations with accomplices on LinkedIn.
They are said to make particularly active use of AI. According to FT, during remote interviews they generate digital avatars and use deepfake video filters.
Alex Laurie, chief technology officer (CTO) at cybersecurity company Ping Identity, warned, "Fake applicants are using Large Language Model (LLM) tools to create convincing names and even email addresses, allowing them to evade suspicion," adding, "The future of UK security will depend on companies' ability to verify the true identities of their workforce in the face of relentless AI-driven attacks."
y27k@fnnews.com Seo Yoon-kyung Reporter