- North Korean hackers are using GenAI to hold jobs in western firms
- New research from Okta reveals AI written CVs and messages
- This is an escalation from an existing fake interview campaign
New research from Okta has revealed that hackers from the Democratic People’s Republic of Korea (DPRK), are using generative AI in its malicious interview campaign – a series of tactics that involve gaining employment in remote technical roles in western firms, usually in industries with sensitive security data like defense, aerospace, or engineering.
This isn’t the first time North Korean fake job hackers have gone the extra mile with their campaigns, but the new research has found that GenAI is playing an integral role in the employment schemes.
The AI models are used to “create compelling personas at numerous stages of the job application and interview process” and then, once hired, GenAI is again used to assist in maintaining multiple roles, all earning revenue for the state.
Malicious interview
AI was used by these hackers in a number of ways, including generating CVs and cover letters, conducting mock interviews via chat and webcam, translating, translating, and summarising messages, as well as managing communications for multiple jobs from different accounts and services.
To assist, the hackers have a sophisticated network of ‘facilitators’ that provide in-country support, technical infrastructure, and “legitimate business cover” – helping the North Koreans with domestic addresses, legitimate documents, and support during the recruitment process.
The campaign is growing ever more sophisticated, especially given that hackers are now using both sides of the job seeking process, targeting job seekers with fake interviews, in which they deliver malware and infostealers.
These elaborate schemes often start on legitimate platforms like LinkedIn or Upwork – with the attackers reaching out to victims to discuss potential opportunities. Anyone on the job hunt or in the hiring process should be extra vigilant about who they are speaking to, and should be careful not to download any unfamiliar software.
