Google has revealed that several major U.S. companies have unknowingly hired North Korean IT workers using fake identities, sparking concerns about the potential for future cyberattacks. According to a report from Google’s Mandiant cybersecurity unit, North Korean operatives have been posing as remote workers to infiltrate organizations and send their earnings back to support the regime. These individuals, who often operate from China and Russia, have been active since 2018, using false identities to secure multiple jobs.
Mandiant’s research found that these workers gain access to company networks, potentially allowing them to modify code or administer systems. This could eventually be exploited for malicious purposes. The investigation revealed that many of these workers present fake resumes, use stolen identities, and operate through intermediaries running “laptop farms” in the U.S., which enable them to work remotely.
The U.S. government has been addressing the issue, arresting individuals involved in facilitating these schemes and imposing sanctions on entities employing North Korean workers. However, the infiltration remains a significant threat.
Expanded Coverage:
