IT False in North Korea are now targeting European companies. How do I fool employers to get the jobs

False IT specialists of North Korea, involved in scams, thefts and cyber attacks, target European companies trying to engage, the Tech website reports The Register.

The isolated regime of North Korea operates a group of agents that apply for remote jobs in the field of technology, and if they are employed, they direct their salaries to Kim Jong Un's treasury. Some of them install malware on the computers of the company that fell victim, steal the data of the employers and ask for redemptions.

In the happiest cases, some do not perform their tasks until they are dismissed or do it in a minimal way, sometimes to be able to collect more salaries from different employers.

These workers send impressive CVs and, if they manage to get an interview, try to mask their emphasis and appearance.

How to operate “IT”-North Koreans

One of their favorite tactics is to claim that their webcam is defective and thus avoid the appearance of video in interviews. I also use generative artificial intelligence to create portraits or even to provide responses during interviews.

Sometimes, fake ITs make mistakes after they are employed, such as requesting that a work laptop provided by the employer to be sent to an address that does not correspond to the employment CV. This can be an indication that they have recruited a local intermediary, which will maintain the laptop connected to the Internet and the internal network of the employer.

North Koreans then use VPNs to connect to the laptops provided by the employer and make sure they work-or at least seem to work-at the appropriate local hours. Intermediaries also help them transfer wages to Phenian.u

The scam has been refined in recent years, The Register and other Tech sites documenting that including cyber security companies have fallen into the net of the North Korea operative group.

North Koreans became increasingly active in Europe

A message published this week by Jamie Collier, a chief counselor at Google Threat Intelligence Group, signals “an increase in active operations in Europe” of these workers.

“The activity of DPRK IT workers in several countries now transforms them into a global threat,” he warns. “Although the United States remains a main target, in recent months, North Korean IT workers have encountered difficulties in finding and maintaining jobs in this country. This is probably due to increased awareness through public reports, defendants carried out by the US Department of Justice and the legal verification on the right to work.”

“These factors have led to a global expansion of IT workers' operations, with a special emphasis on Europe,” added Collier.

Google and partners of the American Tech giant identified North Korean workers “looking for jobs in Germany and Portugal” and also discovered “connecting data on European recruitment and management platforms.”

Invented identities and false passports discovered in Serbia

The investigators also found “manufactured identities, including CVs with diplomas from the University of Belgrade, Serbia, and residences in Slovakia, as well as instructions for sailing on European employment sites.”

“A document contained specific instructions on how to obtain jobs in Serbia, including the use of Serb time during communications.”

Also, information was discovered to obtain false passports, probably so that North Koreans can then provide documents that demonstrate the right to work or to open bank accounts.

North Korean agents have searched for jobs on platforms such as upwork, telegram and freelancer. Some have asked to be paid in cryptocurrencies or by services such as Transferwise and Payoneer.

US have already taken measures against the North Korean group

Google also believes that he has found evidence of sophisticated intermediary in the UK.

“An incident involved a DPRK IT worker who used facilitators in both the United States and the UK. Remarkable, a corporate laptop, theoretically intended for use in London, indicating a complex logistics chain,” Collier wrote.

Google believes that fake workers are now targeting companies that have “bring your own device” policies (use your own device at work) because, if they can use their own laptop, the company management tools is unlikely to be able to intervene. Byod also means that employers do not have to send a laptop, so there is no postal address that can be used to investigate a suspicious worker.

Google believes that investigations will be needed, because it has noticed that North Korean counterfeiters are increasingly targeting big employers and are increasingly resorting to blackmail.

“In these incidents, recently fired IT workers have threatened to disclose sensitive data of former employers or that they will provide a competitor. This data included owners and source code for internal projects,” Collier wrote, suggesting that this growth of blackmail attempts could be related to the intensification of US actions.

The FBI has issued guidance on how fake IT workers in North Korea can be identified, among the revealing signs being avoiding meetings in person, changing your favorite payment methods on freelancing platforms and online profiles that do not contain an image.