Microsoft has suspended 3,000 Outlook and Hotmail email accounts that it believes were created by North Korean IT workers. This action is part of a broader effort to assist companies in addressing a costly scheme orchestrated by North Korean nationals.
The tech giant has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles within U.S. companies. Recently, Microsoft has noticed changes in the operations of this campaign. North Korean IT workers are now heavily utilizing artificial intelligence to enhance images in stolen employment and identity documents, making their photos appear more professional.
In a blog post, Microsoft stated, "We’ve also observed that they’ve been utilizing voice-changing software." This announcement coincided with two indictments from the Justice Department, which charged several North Koreans and at least two U.S. citizens involved in the IT worker scheme.
In October, Microsoft's Threat Intelligence Unit discovered a public repository containing both actual and AI-enhanced images of suspected North Korean IT workers. This repository also included resumes, email accounts used by these workers, guidelines on performing their work via VPN accounts, manuals on executing identity theft, and information on payments made to facilitators.
According to Microsoft researchers, “North Korean IT workers appear to conduct identity theft using AI tools like Faceswap to overlay their pictures onto stolen employment and identity documents.” They also mentioned that these workers use AI to insert their images into more professional settings. Such AI-generated pictures are then used in resumes or profiles during job applications.
The individuals behind this campaign are heavily experimenting with voice-changing software and other AI technologies, which supports assessments made by various cybersecurity companies monitoring these schemes. Microsoft warned that while they have yet to observe North Korean IT workers using AI voice and video tools, doing so “could allow them to conduct interviews directly, eliminating the need for facilitators to represent them during interviews or sell them access to accounts.”
The recent indictments from the Justice Department have shed light on the extensive scale of North Korea’s operations. The FBI carried out searches in 16 different states, targeting 29 laptop farms where U.S. residents accept company laptops and install software that allows for remote access by North Koreans. Documents from the court identified multiple U.S. citizen co-conspirators, including an active-duty member of the U.S. military with a security clearance.
To highlight the financial impact of this scheme, prominent cryptocurrency investigator Zachary Wolk, known as ZachXBT, reported that a recent investigation uncovered over $16.5 million in cryptocurrency payments sent to accounts controlled by known North Korean IT workers since January 1, averaging nearly $3 million per month.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
