North Korean Operatives Infiltrate Global Companies
Australian security agencies, in collaboration with Five Eyes partners and cybersecurity firm DTEX, have uncovered a large-scale operation by the North Korean regime. This operation involves North Korean agents posing as remote IT workers to infiltrate Western companies, access corporate networks, and generate revenue for their government.
The United Nations estimates that this operation annually nets North Korea approximately $800 million.
Australian Security Intelligence Organisation (ASIO) Director-General Mike Burgess and DTEX founder Mohan Koo have issued urgent calls for Australian companies to enhance their recruitment practices, citing the significant risks involved.
Methods of Infiltration and Associated Risks
North Korean operatives utilize sophisticated methods, including:
- Fake Identities: Crafting elaborate fake résumés and social media profiles, often using stolen or fabricated personal details.
- Artificial Intelligence: Employing AI to identify online job advertisements, submit applications, manage correspondence with recruiters, and alter voices and appearances during virtual interviews.
- Laptop Farming: Recruiting individuals in Western countries, termed "laptop farmers," to host and operate company-issued computers, thereby acting as intermediaries for the North Korean agents.
- Multiple Personalities: A single operative may use various names while maintaining consistent details, such as the same photo, across multiple job applications.
The risks to companies encompass espionage, foreign interference, preparation for sabotage, and financial fraud. Once on a company's network, North Korean agents can learn about business operations and network structures, potentially disrupting critical functions.
Intelligence Sting Operation Details
As part of an investigation, an Australian cyber and AI company recruiter, collaborating with intelligence agencies, established a trap for a suspected North Korean operative. The operative, using the alias "Aaron Pierson," applied for a fictitious job. During a Zoom interview, "Aaron" demonstrated difficulty providing credible information regarding his claimed residence in Silicon Valley or his purported university attendance in New York, suggesting deception. He also appeared different from his profile picture and became defensive when questioned about North Korea, leading to the termination of the call.
Michael Barnhart, lead investigator for DTEX, heads a team that tracks these operatives by identifying inconsistencies in their online footprints, such as multiple résumés using the same photo or accidental inclusions of accomplices in selfies. Once an operative is positively identified, they are covertly targeted, which includes accessing the contents of their laptops to gather intelligence.
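The same-photo inconsistency described above, and the "Multiple Personalities" pattern listed earlier, can be screened for on the hiring side. The following is an added example, not code from DTEX or any agency named in this article; the record fields, names and photo bytes are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: every name, role and photo byte string is invented.
PHOTO_A = b"\x89PNG-constructed-photo-A"
PHOTO_B = b"\x89PNG-constructed-photo-B"
APPLICATIONS = [
    {"id": 1, "name": "Alex Example", "role": "Backend Developer", "photo": PHOTO_A},
    {"id": 2, "name": "Sam Placeholder", "role": "DevOps Engineer", "photo": PHOTO_A},
    {"id": 3, "name": "alex  example", "role": "Data Engineer", "photo": PHOTO_A},
    {"id": 4, "name": "Jo Sample", "role": "Backend Developer", "photo": PHOTO_B},
    {"id": 5, "name": "Jo Sample", "role": "QA Engineer", "photo": PHOTO_B},
    {"id": 6, "name": "Pat Nophoto", "role": "QA Engineer", "photo": None},
]

def normalize_name(name):
    """Case-fold and collapse whitespace so trivial variants count as one name."""
    return " ".join(name.casefold().split())

def photo_digest(photo):
    """SHA-256 of the raw image bytes. Matches byte-identical files only;
    a re-encoded or cropped copy would need perceptual hashing instead."""
    return hashlib.sha256(photo).hexdigest() if photo else None

def flag_reused_photos(applications):
    """Return {digest: {"names": [...], "ids": [...]}} for every photo that
    was submitted under more than one distinct applicant name."""
    groups = defaultdict(lambda: {"names": set(), "ids": []})
    for app in applications:
        digest = photo_digest(app.get("photo"))
        if digest is None:
            continue  # no photo supplied, nothing to correlate
        groups[digest]["names"].add(normalize_name(app["name"]))
        groups[digest]["ids"].append(app["id"])
    return {
        digest: {"names": sorted(g["names"]), "ids": g["ids"]}
        for digest, g in groups.items()
        if len(g["names"]) > 1  # one person re-applying under one name is not flagged
    }

if __name__ == "__main__":
    for digest, hit in flag_reused_photos(APPLICATIONS).items():
        print(f"photo {digest[:12]} used by {hit['names']} in applications {hit['ids']}")
```

A hit is a prompt for manual identity verification, not proof of fraud, since stock or template images can also collide.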
Global Cases and Urgent Warnings
US agencies have been addressing this issue for a decade, with documented cases involving major firms such as Boeing, NBC, and Nike. Christina Chapman, an Arizonan woman, received an 8.5-year jail sentence for operating a "laptop farm" that facilitated the infiltration of over 300 US firms, funnelling $17 million to North Korea. United States Attorney Jeanine Pirro highlighted the ease with which even security-conscious global companies were deceived.
In Australia, law enforcement sources confirm that major banks, including NAB, have experienced infiltration. Intelligence suggests North Korean agents are already present onshore. Key target industries include defence, building, and engineering design.
ASIO Director-General Mike Burgess expressed frustration regarding the lack of seriousness from certain Australian companies concerning this threat.
He emphasized the necessity for urgent action to prevent critical businesses from being compromised, which could lead to disruption or ransom demands during a crisis.
The capabilities of this operation are further enhanced by continuous training and technical support from China.