How North Koreans Are Using AI to Secure Remote Jobs Illegally

North Korean Hackers and Remote IT Jobs

North Korean hackers are increasingly using AI tools to scam their way into remote IT jobs. A recent investigation by Okta, a provider of sign-in services, reveals that North Koreans are leveraging various generative AI services to find, apply for, and prepare for remote IT positions, despite existing US sanctions.

The Role of Facilitators

Okta's findings highlight the involvement of facilitators, individuals who assist North Koreans in securing these jobs. Notably, federal investigators arrested two US citizens in January for their roles in this scheme, and another man from Nashville was apprehended for running a “laptop farm” to help North Korean workers pose as US-based IT professionals.

Generative AI Services in Use

These facilitators utilize a range of AI services to streamline fraudulent activities. For example, one service enables “unified messaging,” allowing users to manage multiple communication accounts seamlessly. Additionally, some facilitators employ services that provide “AI Superpowers” to job applicants, enhancing their chances of passing automated CV scans used in recruitment.

Mock Interviews and Deepfakes

The investigation also uncovered that facilitators access AI programs capable of conducting mock interviews and offering improvement tips. Okta suspects that North Koreans are using these tools to test their AI-powered deepfakes, which can disguise their true identities during video calls. Increasingly, HR firms have reported scammers using deepfakes to alter their appearance in real-time video interviews.

Economic Implications for North Korea

Okta concludes that the scale of these operations suggests that even short-term remote jobs can present a viable economic opportunity for the Democratic People's Republic of Korea (DPRK) when supported by automation and generative AI.

Motives Behind the Scams

According to federal investigators, North Koreans are acquiring these remote IT jobs to fund their country's government, and in some instances, they may steal confidential information from employers to demand ransom. In light of these findings, the FBI and cybersecurity firms are urging companies to rigorously vet candidates for remote positions.

Investigation Methods

While Okta did not disclose specific methods of its investigation, it noted that it was able to observe these activities through Okta login pages.