Multiple US law enforcement and cybersecurity agencies have issued advisories to businesses, warning them to closely scrutinize remote IT hires and freelance contracts. However, given the low risk and potentially high reward of deploying ghost workers, North Korea is likely to expand such activities in the coming months.
Tactics will probably evolve further to bypass standard hiring and vetting procedures. Moreover, with support from the North Korean government, ghost workers will likely make growing use of generative artificial intelligence (GenAI) and deepfakes to aid in job applications and interviews, making detection ever more difficult. To counter this, the US Treasury could expand existing sanctions to include additional front companies associated with North Korea’s ghost workforce.
In the private sector, organizations will likely update their remote hiring policies and develop new tools for behavior analysis and geolocation verification to keep pace with evolving threats. However, training will remain the cornerstone of detection efforts. Educating employees on how to recognize suspicious behavior and actions among colleagues can significantly enhance early detection endeavors. Nonetheless, as North Korea expands its cyber capabilities, the threat will remain dynamic, requiring organizations to adapt and innovate their defenses continuously.
Learn more about leveraging our industry-leading regional and subject matter experts for intelligence that helps your organization stay ahead of risks to your people and operations.