The North Korea worker problem is bigger than you think
a year ago
- #Insider Threats
- #Cybersecurity
- #North Korea
- North Korean nationals have infiltrated businesses globally with deep-rooted access.
- They gain full-time employment with high-level access to enterprise systems.
- DTEX estimates thousands of critical infrastructure organizations have been infiltrated.
- North Korean operatives have privileged-access rights, enabling them to control systems.
- The scheme extends beyond IT, involving specialized professionals working under false pretenses.
- Insider threats linked to North Korea have surged, with multiple cases reported.
- Organizations often unknowingly hire multiple North Korean nationals.
- Once hired, they quickly infiltrate further, often pivoting to third-party networks.
- North Korean workers use remote access tools, blending in with typical onboarding activities.
- They perform their jobs exceptionally well, sometimes better than others.
- Their activity is anomalous, with impossibly long login times indicating shared access.
- North Korean workers generate hundreds of millions for the regime.
- Potential follow-on activities include espionage, extortion, and disruptive attacks.
- Identifying insider threats is challenging but not impossible.
- HR and recruiters are the first line of defense against such threats.