North Korean scammers are using AI during the job application process to conceal their identities.
(Image: The Asahi Shimbun via Getty Imag)
North Korean scammers have been using deepfake technology and artificial intelligence to pose as remote workers for European IT companies to gain intel, and are being considered a global threat
Imposters are using AI in the job application process to hide their real identities.
They generate fake resumes, websites, LinkedIn profiles, and professional headshots with AI to create a believable persona for an open role.
READ MORE: Big Lots reopening more than 100 stores this May – is one near you? Full list hereREAD MORE: Cancer warning issued over popular cooking oil that is ‘poisoning’ Americans
Once in, they steal company secrets or install malware.
By 2028, research and advisory firm Gartner estimated that one in four job applicants will be fake.
In the Pragmatic Engineer newsletter, Unit 42, a threat research lab unit, published a study that showed a case involving a Polish AI firm that encountered two deepfake candidates.
This follows a recent data breach at the AI image editing platform Cutout.pro, which revealed information about almost 20 million users, including “scores” of North Korean scammers posing as IT workers.
Unit 42 said that interviewers at the Polish firm suspected one individual controlled both the personas. Alarm bells began ringing after the operator was more confident in the first round of the second technical interview, likely due to having already faced the same format of questions.
David Moczadlo, co-founder of cybersecurity firm Vidoc Security, posted a video on LinkedIn of a fake AI-generated job seeker who followed similar patterns to North Korean scammers. This was the second time he encountered someone using deepfake technology, forcing them to change their hiring process to an all-expenses-paid in-person interview.
He told CBS News that he asked the person using an AI filter to put a hand in front of their face to verify their identity. When they refused, he ended the interview as the position would likely “break” the con artist’s deepfake filter.
“Sometimes it takes a hacker to find a hacker,” he told CBS News.
According to Google Threat Intelligence Group’s report, an alleged IT employee from North Korea sought several employment opportunities across Europe, especially in government and defense industries.
The worker “operated at least 12 personas across Europe and the US,” the report claimed.
Researchers investigated similar “personas” active in Germany and Portugal and a “diverse portfolio of projects in the UK undertaken by DPRK IT workers.”
Usually, these workers falsify their national identities, claiming to be from Italy, Malaysia, Singapore, Japan, Vietnam, Ukraine, and the United States.
They are usually recruited via online platforms like Telegram, Upwork, and Freelancer. Companies that have BYOD or bring your own device policies may be the most susceptible to such risks.