UK Companies Advised to Conduct In-Person Interviews to Combat North Korean Fake IT Workers
In a significant warning to British businesses, experts are urging companies to conduct job interviews for IT positions either in person or via video conferencing. This recommendation arises from growing concerns about the infiltration of fake IT workers from North Korea, who are increasingly targeting the UK job market.
Analysts have highlighted that the UK has become a prime arena for these fraudulent employees, who are believed to be working remotely. This method allows them to avoid detection while funneling their earnings back to the authoritarian regime led by Kim Jong Un.
A report released by Google this month detailed a shocking case from the previous year, where a single North Korean national managed to operate under at least twelve different identities across various countries in Europe and the United States. This particular individual was reportedly attempting to secure positions within sensitive sectors, including defense and government.
Adding another layer of complexity to this issue, recent reports reveal that these fake IT professionals have taken to threatening companies with the release of sensitive data if they are terminated from their roles, identifying a disturbing tactic in their operational playbook.
John Hultquist, the chief analyst at Googles Threat Intelligence group, made it clear to the Guardian that North Korea has shifted its focus towards Europe, particularly the UK, largely due to increased scrutiny and pressure faced in the US. Hultquist remarked, North Korea is facing pressure in the US and it is particularly focused on the UK for extending its IT worker tactic. It is in the UK where you can see the most extensive operations in Europe.
The implantation of these fake workers often involves the use of facilitators, individuals who maintain a physical presence within the UK. They play a critical role in the operation by providing essential services such as issuing false passports and maintaining physical addresses where equipment, like laptops, can be sent to the workers. Notably, these laptops remain accessible to individuals based in North Korea, who are typically not residing in the same country as the facilitators. The scheme has been further complicated by the prevalence of bring your own device employment models, which are harder to monitor.
The bottom line is their operations have a physical presence in the UK, which is the most important step to grow across multiple sectors in the country, Hultquist stated, emphasizing the need for companies to take preventive measures.
He highlighted that conducting job interviews either in person or through video calls can significantly hinder the operations of these North Korean agents. Hultquist added, Many of the remedies are in the hands of the HR department, which usually has very little experience dealing with a covert state adversary. He advised companies to implement thorough background checks, verify physical identities, and ensure that the individual they are interviewing matches the identity stated on their resume. This scheme usually breaks down when the actor is asked to go on camera or come into the office for an interview, he noted.
Sarah Kern, a North Korean expert at the cybersecurity firm Secureworks, echoed these concerns, stating that the threat posed by fake IT workers is more pervasive than many companies realize. She recommended that British firms strengthen their candidate verification processes and educate their human resources departments on this issue. Kern emphasized the importance of conducting in-person or video interviews to confirm that applicants match the identities presented in their CVs.
In the US, it has also been fruitful to conduct in-person interviews, or at the very least video interviews, and checking that youre talking to who was actually advertised on the rsum, she noted. Kern also pointed out some red flags that could indicate a candidate might not be genuine, such as frequent changes in their address or unusual payment preferences, like requesting wages through money exchange services instead of traditional bank accounts.
The scam has reportedly gained traction in Europe, with these fake IT professionals being recruited through online platforms like Upwork, Freelancer, and Telegram. In response to these alarming developments, Upwork has stated that any attempt to use a false identity is a strict violation of their terms of service, and the platform actively takes measures to eliminate bad actors.
Kern added that many of these individuals tend to avoid video interviews, often because they are situated in shared workspaces populated by other North Korean IT workers. They wouldnt want to show their video, or it sounded like theyre in a call center, but with no actual reason as to why, Kern explained, highlighting the sophisticated lengths to which these operatives will go to maintain their anonymity.
