(NewsNation) — A growing threat from North Korea involves hackers stealing United States military secrets and extorting hospitals for ransom.
The U.S. Department of Justice recently indicted a North Korean hacker who tried to infiltrate NASA and military sites. Meanwhile, a top digital security firm learned a remote employee was a North Korean hacker after he infected his company laptop with malware.
The security company KnowBe4 contacted the FBI and mitigated the threat. Chief Information Security Officer Brian Jack said the issue points to “sophisticated” nation-state actors with “seemingly endless means.”
“So, in this case, the individual had used a stolen identity of a U.S. citizen to pose as someone with a legitimate work background,” Jack said. “They had listed tenures for several years at very big tech companies. The social security number and ID provided passed background checks. They passed a criminal background check because it was a stolen identity. It wasn’t actually the person we were talking to. They had swapped the picture on the ID and we had no way of telling that.”
The employee’s story was “extremely believable,” Jack said, noting that they passed interviews “with flying colors.”
“They were a good fit for the position, but they were a North Korean IT worker,” he said.
It’s a risk many people don’t consider — one that presents a serious threat.
In May, the U.S. Department of Justice announced the arrest of an Arizona woman accused of participating in an elaborate fraud scheme to help dozens of foreign IT workers pose as Americans and secure jobs at major American companies, then send millions in revenue back to the North Korean regime.
Last week, a Kansas City grand jury indicted a different North Korean hacker accused of trying to infiltrate hospitals, NASA and military sites.
Michael Barnhart — known as “Barni” — is a former U.S. cybersecurity official with Mandiant, part of Google, who stepped in to help.
“Based on the volume we’re seeing, they’re at Fortune 500 companies all over the world,” he said.
The numbers are staggering. Barnhart said that 10 people may sometimes live in a single apartment from which IT workers using stolen identities operate.
“On average, one IT worker can be running seven different personas at seven different companies, and even referring themselves at the same company, bumping that number up even more,” he added. “So one house of 10 people can easily run up to 80 different paychecks coming in. And those IT workers and those setups are all over the world. Many of them are near North Korea and kind of the neighboring regions, but the volume and just how they’re even using automation and AI to bump up and force multiply is very big as well.”
Experts advise employers to review their hiring practices and take extra care to confirm candidates are who they say they are. Employers should also confirm employees’ addresses before sending them corporate equipment.