Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
North Korean agents have been observed creating entire personas around fake résumés and job interviews – all assisted by artificial intelligence.
North Korean worker scams came into the limelight last year when identity security company KnowBe4 came clean on the fact that even it fell victim to the scam, accidentally hiring a North Korean national before discovering it was all a set-up.
Since then, much more light has been shed on the operations of these fake IT workers and their role in supporting the Democratic People’s Republic of Korea (DPRK).
The latest research on fake worker campaigns has now shown that generative AI (GenAI) is the backbone of many such operations. According to research conducted by Okta Threat Intelligence, generative AI is used at all stages of the scam, from creating “compelling personas” to aiding agents of the DPRK in running multiple roles at once.
These operations are supported by what Okta calls “facilitators”, which operate in the same country as the organisations targeted and who help provide a cover for North Korean operatives. They assist in the recruitment process, give access to legitimate identity documents, and assist in operating company-supplied devices via remote access tools.
They also depend on AI for many of their side of the operations.
One of the key challenges is maintaining multiple communication channels between the fake workers and their unknowing employers, and AI-powered unified messaging systems are a key component of maintaining the illusion.
“These services use GenAI in everything, from tools that transcribe or summarise conversations to real-time translation of voice and text,” Okta’s researchers said in a recent blog post.
AI-enhanced recruitment platforms are also taken advantage of, both to gather real job applications to train future datasets and to advertise for roles at “front companies” to study letters and résumés from real people. AI also plays a role in the creation of résumés, with facilitators using the services of “AI superpowers” to create cover letters and CVs that can get around the smart tools used by employers to screen applicants.
Generative AI agents are also used to fill out job applications and to offer interview training and critique. Mock interviews are used to test how believable deepfake overlays are.
“These automated ‘AI-based webcam interview review’ services claim to assist with the appropriate use of lighting, video filters, lighting and the candidate’s approach to conversation,” Okta said.
Large language model-based chatbots are another important tool and are used throughout the entire recruitment process, while code training services are used to help fake workers skill up on AI and other tools used within victim organisations.
According to Okta, these facilitators are, in effect, AI power users, able to turn non-English speakers with minimal skills into attractive hires in order to channel funds to the DPRK, thus avoiding a raft of financial sanctions.
“The scale of observed operations suggests that even short-term employment for a few weeks or months at a time can, when scaled with automation and GenAI, present a viable economic opportunity for the DPRK,” Okta said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
