UNC5267

Incidents involved as Deployer

インシデント 111836 Report
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

2021-01-01

North Korean operatives have reportedly used AI-generated identities to secure remote jobs or impersonate employers in order to infiltrate companies. These tactics allegedly support sanctions evasion through wage theft, credential exfiltration, and malware deployment. Workers reportedly use fake resumes, VPNs, and face-altering tools; some deploy malware like OtterCookie after embedding, while others lure targets via spoofed job interviews. AI systems are reportedly used to generate fake resumes, alter profile photos, and assist in real-time responses during video interviews.

Related Entities

Reconnaissance General Bureau

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Lazarus Group

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Government of North Korea

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Department 53

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

North Korean threat actors

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Famous Chollima

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

PurpleBravo

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

WaterPlum

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Minh Phuong Ngoc Vong

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Sim Hyon-Sop

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Kim Sang Man

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Christina Chapman

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Wagemole

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Void Dokkaebi

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Contagious Interview

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Gwisin Gang

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Matthew Isaac Knoot

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Yang Di

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Jong Song Hwa

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Kim Ryu Song

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Ri Kyong Sik

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Rim Un Chol

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Kim Mu Rim

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Cho Chung Pom

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Hyon Chol Song

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Son Un Chol

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Sok Kwang Hyok

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Choe Jong Yong

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Ko Chung Sok

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Kim Ye Won

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Jong Kyong Chol

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Jang Chol Myong

Incidents involved as Deployer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Unknown large language model developers

Incidents involved as Developer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Unknown deepfake technology developers

Incidents involved as Developer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

OpenAI

Incidents involved as Developer

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Western companies

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Companies in the United States

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Employers

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Cryptocurrency platforms

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Developers

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Interviewees

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

macOS users

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Recruitment teams

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Hiring managers

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Human resources staff

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Web3

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Blockchain projects

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Internal Revenue Service

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

IRS

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Social Security Administration

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

SSA

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Andrew M.

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Oleksandr Didenko

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Jiho Han

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Haoran Xu

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Chunji Jin

影響を受けたインシデント

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Video interview platforms

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Unknown large language models

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Unknown deepfake technology

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Freelance platforms

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Document verification systems

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Digital identity verification services

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

ChatGPT

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Laptop farms

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

BYOD (Bring Your Own Device)

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Flashpoint-detected info-stealing malware

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Zoom

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

WebSocket-based C2

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

ARP packet signaling

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Raspberry Pi Zero

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

OtterCookie

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

OtterCookie v3

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

OtterCookie v4

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

BeaverTail

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

InvisibleFerret

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

AgencyHill99

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

GitHub

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Astrill VPN

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

FTP exfiltration

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Remote admin tools

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Job boards

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Upwork

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

remote3

Incidents implicated systems

インシデント 1118
36 レポート
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers