Beware: North Korean Agents Disguise Themselves on LinkedIn to Infect Companies with Malware

JAKARTA - North Korean information technology (IT) workers are known to pose as professionals on LinkedIn to infiltrate various global companies, in what is a new fraud scheme.

These workers use stolen identities to obtain high-salary positions in the technology field. They usually look for job vacancies that allow remote work.

According to findings from cybersecurity companies such as Mandiant and Recorded Future, this trend has been around since 2023. However, it increased sharply last year.

These impostors steal the data of workers in various countries across the US, Europe, and Asia. The fake profiles are often equipped with LinkedIn skill badges and company email addresses so that the accounts look more convincing.

The positions that North Korean agents most often target are software developers and cloud computing engineers. After being accepted into these positions, they steal company data or even funds.

The theft is carried out by accessing the company's internal network to install malicious software. They also siphon cryptocurrency to fund the illegal activities they have been carrying out for years.

US cybersecurity agencies have issued warnings urging companies to conduct strict verification beyond LinkedIn profiles. The resumes submitted by the perpetrators are usually identical to the work history of the victim whose identity is being faked.

The hackers operate from secure locations such as China or Russia using VPN connections to hide their real IP addresses. They even use AI voice changers and deepfakes when conducting job interviews via video platforms.

Once inside the system, they map the company's network using sophisticated hacking tools to extract sensitive data. In 2024, this activity resulted in the theft of crypto worth US$100 million (Rp1.6 trillion) from three different companies.

The most damaging case involved a fake senior developer who planted ransomware on his company's systems. This action caused financial losses of up to US$2 million (Rp33.6 billion) for the affected companies.