Company Shares Latest Developments in DPRK-Driven Employment Fraud Campaign, Following Disclosure of False Identities, Use of GitHub and AI Deepfakes.
Nisos, the human risk management company, shared a new set of findings from its years of research into North Korean-led employment fraud efforts: that DPRK (Democratic People’s Republic of Korea)-affiliated IT workers appear to be setting up fake freelance software development companies to gain freelancer work. The findings are available in the company’s newest research report, entitled “Saja DPRK Employment Scam Network.”
Nisos researchers uncovered an IT worker employment scam network where DPRK-affiliated individuals are posing as Polish and U.S. nationals, with the goal of obtaining employment in remote engineering and full-stack blockchain developer roles. Members of the network are using GitHub accounts, portfolio websites, and freelancer accounts – and have gone to the extreme of establishing a global freelance software development company, Inspiration With Digital Living (IWDL), aimed at tricking companies into hiring them for full-time remote positions and project-based freelance jobs.
HR Technology Insights: Zoom, ServiceNow Partner to Enhance Customer, Employee Experience
“This is a natural evolution of the DPRK-connected threat actors’ efforts to gain employment as IT workers across the globe. As they escalate their tactics to fabricate strong, hard-to-question backstories and employment histories for themselves, establishing a fake freelance software development company seems like the next logical step,” said Ryan LaSalle, CEO of Nisos.
As a part of its research, Nisos identified the following tactics, techniques, and procedures (TTPs) that are commonly attributed to DPRK employment fraud actors, spread across GitHub accounts, portfolio websites, and IWDL’s website:
HR Technology Insights: ControlUp Names Beau Dolinsky, Vice President of Customer Experience
- GitHub accounts exhibited an unusual consistency in avatars, in this case many displayed similar lion-themed pictures
- Personas within the network used similar email addresses, which frequently included the word “century” in their contact information
- Portfolio websites exhibited an unusual consistency, suggesting that they were created from the same template with identical information
- The same threat actor had accounts in different names attempting to gain employment
- Profile photos were digitally manipulated. Threat actors’ faces were often pasted on top of stock photos
- The same persona was reused by different threat actors
HR Technology Insights: Atento Brings AI to Customer & Employee Experience
To participate in our interviews, please write to our HRTech Media Room at sudipto@intentamplify.com
Source: PR Newswire
