Have you accidentally hired a North Korean IT worker who's spying on your company? • Graham Cluley


Have you accidentally hired a North Korean IT worker who's spying on your company?

South Korea and the USA's FBI are warning organisations that they may have inadvertently recruited a North Korean spy to work in their IT department.

The USA and South Korea first issued advice to companies in 2022 regarding the steps they should take to avoid hiring North Korean freelance coders and IT workers, warning of risks including the theft of intellectual property, data, and funds, as well as reputational harm and legal consequences.

Then, companies and recruitment agencies were advised to be on the lookout for suspicious behaviour, including accessing company systems from multiple IP addresses, working odd hours, and name spelling inconsistencies across different online platforms.

Now, in an updated advisory, additional "red flags" have been listed which might indicate that your new hire is actually working for North Korea:

  • Unwillingness or inability to appear on camera, conduct video interviews or video meetings; inconsistencies when they do appear on camera, such as time, location, or appearance.
  • Undue concern about requirements of a drug test or in-person meetings and having the inability to do so.
  • Indications of cheating on coding tests or when answering employment questionnaires and interview questions. These can include excessive pausing, stalling, and eye scanning movements indicating reading, and giving incorrect yet plausible-sounding answers.
  • Social media and other online profiles that don't match the hired individual's provided resume, multiple online profiles for the same identity with different pictures, or online profiles with no picture.
  • Home address for provision of laptops or other company materials is a freight forwarding address or rapidly changes upon hiring.
  • Education on resume is listed as universities in China, Japan, Singapore, Malaysia, or other Asian countries with employment almost exclusively in the United States, the Republic of Korea, and Canada.
  • Repeated requests for prepayment; anger or aggression when the request is denied.
  • Threats to release proprietary source codes if additional payments are not made.
  • Account issues at various providers, change of accounts, and requests to use other freelancer companies or different payment methods.
  • Language preferences are in Korean but the individual claims to be from a non-Korean speaking country or region.

Hmm.. I can easily imagine how I'd set off at least a few of these red flags!

In addition, some sensible tips are provided for how recruiters can better vet candidates to prevent the unwitting hiring of North Korean IT workers.

I wonder how many organisations will actually go to all this effort.

If companies believe they've found a good candidate for a job, and the wannabe IT worker's salary requirements aren't out of orbit, I can imagine many companies might welcome them with open arms long before suspicions begin to rise that they might be exploiting their access to the company's network and data.
