Oh my 😬🫣
Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report
It’s difficult to imagine a bigger hiring blunder.
Google said it has been contacted by several major U.S. companies recently who discovered that they unknowingly hired N.Koreans using fake identities for remote IT roles
report published Monday by the company’s Mandiant unit, researchers describe a common scheme orchestrated by the group it tracks as UNC5267
https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat
ICYMI
This is an interesting one because it goes into details about what prompted the company to investigate one of their remote workers, concluding that they were a North Korean resident posing as a US citizen
@LnzyHou heres a good mini thread about it
https://counter.social/@ecksmc/112933653686388067
And a link explaining how they do it - from one company who fell for it
The remote workers “often gain elevated access to modify code and administer network systems,” Mandiant found, warning of the downstream effects of allowing malicious actors into a company’s inner sanctum.
more here:
https://therecord.media/major-us-companies-unwittingly-hire-north-korean-remote-it-workers