Google said it has recently been contacted by several major U.S. companies that discovered they had unknowingly hired North Koreans using fake identities for remote IT roles.
In a report published Monday by the company’s Mandiant unit, researchers describe a common scheme orchestrated by the group it tracks as UNC5267, which has been active since 2018. In most cases, the IT workers “consist of individuals sent by the North Korean government to live primarily in China and Russia, with smaller numbers in Africa and Southeast Asia.”
The goal is for workers to earn salaries at multiple companies — generating revenue for the North Korean government — and to gain pivotal access to U.S. tech firms that can be used for further cyberattacks or intrusions.
The remote workers “often gain elevated access to modify code and administer network systems,” Mandiant found, warning of the downstream effects of allowing malicious actors into a company’s inner sanctum.