Okta Threat Intelligence recently published new research that dives into how North Korean agents use GenAI-powered tools to scale their IT worker scams.
According to Vice President of Okta Threat Intelligence Brett Winterford, operatives for the Democratic People’s Republic of Korea (DPRK) are generating remarkably effective CVs and cover letters to successfully gain employment in remote tech roles with companies worldwide.
The research reveals how these workers are using generative AI at every stage of the hiring process, including to fill out job applications, prepare for interviews, and retain employment once hired. "We're seeing threat actors leverage generative AI to create incredibly convincing fake profiles, making it harder for companies to identify malicious actors," Winterford says.
So, what can you do? Winterford urges companies with remote technical roles to be extra cautious. He advises educating talent and procurement teams about the threat, rigorously verifying identities, and using approved remote access tools. While the deepfake tech used by DPRK might not be perfect yet, it's evolving fast.
Watch the video above to learn more about how GenAI is being used in these campaigns and get actionable recommendations to defend against them.
