North Korean hackers, posing as IT professionals, recruiters, and venture capitalists, have infiltrated global companies to fund their regime and steal corporate secrets, security experts revealed at Cyberwarcon. Using fake identities, AI-generated profiles, and deepfakes, these hackers secure remote jobs and execute cryptocurrency theft, amassing billions to support their country’s nuclear ambitions.
Microsoft’s James Elliott highlighted how “hundreds” of firms worldwide have unknowingly hired North Korean spies. These imposters rely on U.S.-based facilitators to bypass sanctions, setting up remote access for North Korean operatives. A group dubbed “Ruby Sleet” targeted aerospace firms to steal defence data, while “Sapphire Sleet” launched fake recruiter and investor schemes, tricking victims into downloading malware to access crypto wallets.
Remote work, fuelled by the pandemic, has intensified these threats. Companies inadvertently employ these hackers, who steal sensitive data and extort organisations. North Korean operatives even use deepfakes to enhance credibility, creating a web of deceit.
While some firms, like KnowBe4, have identified and mitigated these risks, most remain unaware. Experts warn that without stricter employee vetting and awareness, these cyber operations will persist, bolstering North Korea’s espionage and financial networks.
