Interview question exposes North Korean infiltration in remote hiring
CALIFORNIA, UNITED STATES — Security experts sounded the alarm on a sophisticated campaign by North Korean operatives to infiltrate global companies through remote job applications.
At the recent RSA Conference in San Francisco, Adam Meyers, senior vice president of CrowdStrike’s counter adversary division, revealed that thousands of North Korean workers have managed to secure roles in Fortune 500 companies, leveraging advanced tools like generative AI to create convincing LinkedIn profiles and applications.
These operatives employ elaborate tactics during the hiring process. According to Meyers, during technical interviews, multiple collaborators work behind the scenes to complete coding challenges while a single individual handles video calls, sometimes unconvincingly. In some cases, candidates use false identities and even spoof their locations through U.S.-based “laptop farms” to bypass security checks.
A simple question that exposes state-backed agents
Despite the sophistication of these schemes, Meyers shared a surprisingly effective method for detecting infiltrators: asking an unexpected, off-script question. “How fat is Kim Jong Un? They terminate the call instantly, because it’s not worth it to say something negative about that,” Meyers said, describing how this question immediately derails interviews with North Korean agents.
Once embedded within a company, these operatives often excel due to team-based efforts behind a single identity. FBI Special Agent Elizabeth Pelker noted the dilemma this poses for employers: “I think more often than not, I get the comment of ‘Oh, but Johnny is our best performer. Do we actually need to fire him?’” she said.
Outsourcing industry faces new security threats
The goals of these infiltrators are twofold: collecting wages and gradually exfiltrating intellectual property, often in small increments to avoid detection. Pelker recommended that companies conduct coding interviews within their own corporate environments to spot behavioral red flags. She also warned that even after dismissal, these workers may retain access credentials or leave behind dormant malware for future extortion attempts.
The operation continues to evolve, with deepfake technology now being used to fool hiring teams and false identity schemes emerging in countries like Ukraine. Pelker emphasized that education and vigilance are crucial: organizations should be wary of hiring fully remote workers and consider in-person meetings whenever possible.
As outsourcing and remote work continue to expand globally, these revelations underscore the urgent need for robust security protocols in the hiring process.
