North Korean hackers are using advanced AI tools to help them get hired at Western firms

News
By published

Okta have identified an escalation in the DPRK’s campaign

North Korean flag with a hooded hacker
(Image credit: Shutterstock)
  • North Korean hackers are using GenAI to hold jobs in western firms
  • New research from Okta reveals AI written CVs and messages
  • This is an escalation from an existing fake interview campaign

New research from Okta has revealed that hackers from the Democratic People’s Republic of Korea (DPRK), are using generative AI in its malicious interview campaign - a series of tactics that involve gaining employment in remote technical roles in western firms, usually in industries with sensitive security data like defense, aerospace, or engineering.

This isn’t the first time North Korean fake job hackers have gone the extra mile with their campaigns, but the new research has found that GenAI is playing an integral role in the employment schemes.

The AI models are used to “create compelling personas at numerous stages of the job application and interview process” and then, once hired, GenAI is again used to assist in maintaining multiple roles, all earning revenue for the state.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month.

Keeper generates and stores strong passwords so you never have to remember them again. Don’t let one weak password leave you exposed.

Preferred partner (What does this mean?)

View Deal

Malicious interview

AI was used by these hackers in a number of ways, including generating CVs and cover letters, conducting mock interviews via chat and webcam, translating, translating, and summarising messages, as well as managing communications for multiple jobs from different accounts and services.

To assist, the hackers have a sophisticated network of ‘facilitators’ that provide in-country support, technical infrastructure, and “legitimate business cover” - helping the North Koreans with domestic addresses, legitimate documents, and support during the recruitment process.

The campaign is growing ever more sophisticated, especially given that hackers are now using both sides of the job seeking process, targeting job seekers with fake interviews, in which they deliver malware and infostealers.

These elaborate schemes often start on legitimate platforms like LinkedIn or Upwork - with the attackers reaching out to victims to discuss potential opportunities. Anyone on the job hunt or in the hiring process should be extra vigilant about who they are speaking to, and should be careful not to download any unfamiliar software.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.