October 18, 2024 at 12:33AM
Companies increasingly hire North Korean operatives disguised as IT contractors, who exfiltrate data and demand ransoms after being dismissed for poor performance. Secureworks highlights this emerging trend in cyber extortion, urging firms to verify candidates thoroughly, restrict remote software use, and be cautious of suspicious hiring practices.
### Meeting Takeaways:
1. **Emergence of North Korean Operatives**:
– Increased incidents of companies unknowingly hiring North Korean operatives for IT contractor positions.
– These operatives typically exfiltrate sensitive data and later demand ransoms in six-figure sums.
2. **Nickel Tapestry Operations**:
– Secureworks noted similarities between these scams and tactics used by North Korea’s Nickel Tapestry crew.
– Extortion and theft of intellectual property represent a new risk for businesses.
3. **Scam Tactics**:
– Fake workers often request address changes for company-issued equipment to cover their tracks.
– They may prefer using personal devices or virtual desktops for work purposes.
– Specific tools observed include Chrome Remote Desktop and AnyDesk, alongside unusual requests to avoid video calls.
4. **Evidence of Data Theft**:
– Documented cases show operatives transferring proprietary information to personal cloud storage and then demanding ransoms using threats of leaking data.
5. **Financial Red Flags**:
– Companies should watch for unusual financial behaviors, such as frequent changes to bank account information for paycheck deposits.
– Illicit activities often involve services like Payoneer.
6. **Patterns of Employment**:
– Evidence suggesting that North Korean operatives may share identities or roles, indicating the presence of more than one scam artist in the same organization.
7. **Preventive Measures**:
– Secureworks recommends thorough documentation checks and in-person interviews when hiring.
– Companies should monitor onboarding processes for suspicious address changes and restrict the use of unauthorized remote access software.
– General vigilance is advised against unusually cheap hires, as they may indicate potential scams.
8. **General Advice**:
– Companies are encouraged to conduct rigorous background checks and continuously train employees on the potential risks of hiring remote IT workers.