North Korean hackers are increasingly infiltrating Western companies. They pose as legitimate employees to break in and make off with company secrets.
Be careful who your company hires. In 2024, the number of cases where North Korean hackers infiltrated organizations by posing as ordinary employees tripled. This is according to a report by Unit 42, the research group of Palo Alto Networks.
Unit 42 investigated 500 cybersecurity incidents worldwide between October 2023 and December 2024. This analysis shows that North Korean hackers are increasingly using so-called ‘insider threats’. In 2024, 5 percent of all incidents worldwide were attributable to these types of infiltrations. Hackers deliberately place employees in organizations to gain access to sensitive information or financial resources.
False Identity
The hackers apply for job openings as if they were ordinary job seekers. To avoid detection, the infiltrators build credible false identities, using AI tools to create realistic-looking profile pictures. In some cases, they even have real work experience, making their profile extra credible.
Technology companies are the preferred target of the North Koreans, but sectors such as retail and logistics are also targeted. Due to the tight labor market, screenings of potential employees are less stringent, the researchers conclude. Once the attackers have infiltrated the company, they operate internally and so bypass classic security mechanisms that counter external attacks.
Applying for Malware
It can also work in the other direction. In addition to the infiltrations, Palo Alto Networks discovered new malware intended for macOS systems. This malware, named RustDoor, is spread through fake job interviews. In this method, North Korean hackers pose as employers in the technology sector and try to install the malware during the conversation. This allows them to capture passwords, among other things.
Palo Alto researchers had already encountered a similar campaign in 2023. In that case, North Koreans posed as recruiters to gain access to IT professionals’ systems. According to the researchers, companies will need to revise their hiring and access management procedures to detect and avoid these types of attacks.