Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers
January 1, 2021
North Korean operatives have reportedly used AI-generated identities to secure remote jobs or impersonate employers in order to infiltrate companies. These tactics allegedly support sanctions evasion through wage theft, credential exfiltration, and malware deployment. Workers reportedly use fake resumes, VPNs, and face-altering tools; some deploy malware like OtterCookie after embedding, while others lure targets via spoofed job interviews. AI systems are reportedly used to generate fake resumes, alter profile photos, and assist in real-time responses during video interviews.
- Alleged deployer
- yang-di, waterplum, wagemole, void-dokkaebi, unc5267, son-un-chol, sok-kwang-hyok, sim-hyon-sop, rim-un-chol, ri-kyong-sik, reconnaissance-general-bureau, purplebravo, north-korean-threat-actors, minh-phuong-ngoc-vong, matthew-isaac-knoot, lazarus-group, ko-chung-sok, kim-ye-won, kim-sang-man, kim-ryu-song, kim-mu-rim, jong-song-hwa, jong-kyong-chol, jang-chol-myong, hyon-chol-song, gwisin-gang, government-of-north-korea, famous-chollima, department-53, contagious-interview, christina-chapman, choe-jong-yong, cho-chung-pom
- Alleged developer
- unknown-large-language-model-developers, unknown-deepfake-technology-developers, openai
- Alleged harmed parties
- western-companies, web3, ssa, social-security-administration, recruitment-teams, oleksandr-didenko, macos-users, jiho-han, irs, interviewees, internal-revenue-service, human-resources-staff, hiring-managers, haoran-xu, employers, developers, cryptocurrency-platforms, companies-in-the-united-states, chunji-jin, blockchain-projects, andrew-m., epistemic-integrity, truth, national-security-and-intelligence-stakeholders
Source
Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/1118
Data source
Incident data is from the AI Incident Database (AIID).
When citing the database as a whole, please use:
McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.
Pre-print on arXiv · Database snapshots & citation guide
We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.