News and Commentary Impacting Data Privacy and Cybersecurity Programs

Your Newest Remote Hire Could be a North Korean Hacker

Do you know who your newest remote employee is? The candidate you Zoomed with could actually be a “mule” for a North Korean agent.

According to recent warnings from the FBI, the U.S. Department of State, and the U.S. Treasury Department, the North Korean government has dispatched thousands of impersonators across the U.S., China, Russia, Eastern Europe, Southeast Asia, and Africa to infiltrate U.S. companies and access sensitive data and systems, all while earning salaries that can then go to support North Korean weapons development in defiance of U.S. sanctions. These impersonators pose as citizens applying for remote work positions, and when hired, they can use their company devices to insert vulnerabilities, cause misconfigurations, or launch cyberattacks.

In the U.S., there have been several publicized cases of North Korean hacking attempts. KnowBe4, a security training company, reports that it hired a remote software engineer who cleared the interview and background check process. However, as soon as the company delivered its laptop to the new hire, the hacker immediately began installing malware. Fortunately, the company detected the malware because of the device’s onboard security software and remotely contained the malware before the hacker could use it to compromise the company’s internal systems. With assistance from the FBI and Mandiant, Google’s security subsidiary, KnowBe4 concluded that the new hire was in fact a North Korean hacker.

How is it possible for a North Korean to pass interviews and a background check and then use an American-based computer? U.S. agencies believe these hackers often use falsified documents, purchase accounts on freelance services, or gain assistance from citizens known as “mules” to avoid detection.

On May 16, 2024, the Department of Justice announced the indictment of an Arizona woman and four others who helped North Koreans validate their stolen identities to pose as U.S. citizens. The woman allegedly received and hosted laptops issued by U.S. companies to falsify the workers’ locations. These individuals allegedly used dozens of different identities to net millions of dollars in wages and target more than 300 different companies.

Key Takeaways for Employers

Standard Screening Protocols: HR and procurement teams should establish and use standard procedures for screening applicants, particularly for remote work or consulting positions. This could include a video interview and vetting references. Consider using local interview and screening professionals who could meet with candidates in person. Sectors that hire many remote workers, like technology, should be especially vigilant, but all companies should remember that there are many outside entities that could be seeking company information (consider this Chinese agent case).

Privileged Access Tiers: Sensitive data access should be limited to essential personnel only and include additional required ID verification. These access levels must be updated regularly as employees are added, removed, and shift roles.

Cybersecurity Protocols Ready: IT teams should have protocols ready to deploy if company computers appear to be targeted by malware or hacking. These protocols should isolate the machine and protect company data. Likewise, unusual login behavior should trigger an investigation or, potentially, suspension of access privileges.

Vet Third-Party Staffing or Consulting Firms: Request documentation to understand a company’s background check process and/or conduct your own. Conduct due diligence on the partner company and the personnel they are recommending, including obtaining a release to enable you to background check the worker yourself.

Concluding Consideration

It is paramount for HR teams to ensure that they are hiring real candidates who represent themselves honestly. Take the time to follow a standardized vetting procedure for new hires, especially for remote workers, and maintain protocols for monitoring their IT system activity post-hire.

For further information or guidance on these issues, please contact:

Sherwin M. Yoder, CIPP/US, CIPP/E and CIPM
Partner
203.575.2649
syoder@carmodylaw.com

This information is for educational purposes only to provide general information and a general understanding of the law. It does not constitute legal advice and does not establish any attorney-client relationship.