Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Multiple cybersecurity incidents involved North Korean threat actors using AI technologies for malicious purposes. The BlueNoroff group, linked to North Korea's Lazarus Group, conducted sophisticated phishing operations targeting Web3 industry employees through deepfake Zoom calls featuring AI-generated versions of company executives. When victims reported audio issues, attackers shared malicious AppleScript files disguised as Zoom extensions, leading to installation of backdoors, keyloggers, and cryptocurrency stealing malware. Separately, extensive investigations revealed that thousands of North Korean IT workers have infiltrated major U.S. companies using stolen identities, with some using AI face-changing software during video interviews and AI assistants to answer questions in real-time. These workers generated hundreds of millions of dollars for the North Korean regime, with individual cases involving workers earning over $250,000 annually. The schemes involved over 300 U.S. companies including Fortune 500 firms, with facilitators operating 'laptop farms' in the U.S. to make workers appear domestically located. Some workers also engaged in extortion, threatening to release stolen company data if not paid additional ransoms. Federal investigations led to multiple arrests and indictments, with one case involving 14 North Korean nationals who generated at least $88 million over six years.