Detta inlägg post publicerades ursprungligen på denna sida this site ;
British companies are being urged to carry out job interviews for IT workers on video or in person to head off the threat of giving jobs to fake North Korean employees.
The warning was made after analysts said that the UK had become a prime target for hoax IT workers deployed by the Democratic People’s Republic of Korea. They are typically hired to work remotely, enabling them to escape detection and send their wages to Kim Jong-un’s state.
Google said in a report this month that a case uncovered last year involved a single North Korean worker deploying at least 12 personae across Europe and the US. The IT worker was seeking jobs within the defence industry and government sectors. Under a new tactic, the bogus IT professionals have been threatening to release sensitive company data after being fired.
John Hultquist, the chief analyst at Google’s Threat Intelligence group, told the Guardian that North Korea had turned to Europe, and the UK in particular, after it became more difficult to implement its fake worker ploy in the US.
He said: “North Korea is facing pressure in the US and it is particularly focused on the UK for extending its IT worker tactic. It is in the UK where you can see the most extensive operations in Europe.”
The fake IT worker scam typically works with the help of “facilitators”, or people with a physical presence in the country where the company inadvertently employing the North Korean agents is based.
These facilitators carry out important assisting work such as providing false passports and maintaining a physical address in the country, where laptops are sent to the IT employee when they are hired.
This laptop is then made accessible to a person working for Pyongyang, who typically does not reside in the same country as the facilitator. However, the fake workers are also known to be taking advantage of companies offering “bring your own device” employment, in which the devices are less easily monitored.
“The bottom line is their operations have a physical presence in the UK, which is the most important step to grow across multiple sectors in the country,” said Hultquist.
Hultquist said carrying out job interviews in person or on video would disrupt North Korean tactics.
“Many of the remedies are in the hands of the HR department, which usually has very little experience dealing with a covert state adversary,” he said. “If you want to you’ve got to use background checks, do a better job checking physical identities, and ensuring the person you’re talking to is who they claim to be. This scheme usually breaks down when the actor is asked to go on camera or come into the office for an interview.”
Sarah Kern, a North Korea specialist at the cybersecurity firm Secureworks, said the threat was “more widespread than companies realise”.
She added that British firms could fight the threat by verifying candidates thoroughly and educating their HR departments about the ploy. They should then conduct in-person or video interviews to check that the prospective employee they are considering hiring tallies with who is on their CV.
“In the US it has also been fruitful to conduct in-person interviews, or at the very least video interviews, and checking that you’re talking to who was actually advertised on the résumé,” she said.
Kern said telltale signs that an IT worker may not be who they claim to be include frequent changes in address and where they want their wages sent – such as money exchange services rather than a conventional bank account.
The bogus IT professionals are being recruited in Europe recruited through online platforms including Upwork, Freelancer and Telegram. Upwork said any attempt to use a false identity was a “strict violation of our terms of use” and the company takes “aggressive action to … remove bad actors from our platform”.
Kern added:
“We observed that they were very avoidant of video interviews because often they’re located in a working centre where there’s a lot of these North Korean IT workers working from one small room.
“They wouldn’t want to show their video, or it sounded like they’re in a call centre, but with no actual reason as to why.”
The Guardian Tech RSS
https://www.theguardian.com/technology/2025/apr/20/british-firms-urged-to-hold-video-or-in-person-interviews-amid-north-korea-job-scam
