Microsoft Takes Down 3,000 North Korea-Linked Accounts in Global IT Scam

Microsoft Suspends 3,000 North Korea-Linked Accounts in $600M Global IT Fraud Scheme
Written By:
Somatirtha

Microsoft has blocked over 3,000 Outlook and Hotmail accounts linked to North Korean IT professionals. These account holders were falsely claiming to work remotely for international tech companies. The latest action from Microsoft is part of a larger effort to disrupt a fraud scheme managed by the Democratic People's Republic of Korea (DPRK). The scheme infiltrated hundreds of US and foreign companies for several years.

The Microsoft Threat Intelligence Center, which monitored this scam under the name "Jasper Sleet," reported that the fake employees used stolen or forged identities. Their aim was to secure lucrative remote positions, sometimes outperforming legitimate candidates.

“These are not hackers, they’re competent IT professionals performing actual work, with phony identities,” Microsoft wrote in a lengthy report.

How Did the Scam Operate?

The DPRK-supported operation leveraged a manpower network of trained operatives. Some were located in China and Russia, posing as remote technology workers applying for jobs using fictitious credentials and online personas. They aimed to generate revenue for the North Korean state and provide intelligence to state-sponsored hackers.

The scheme was assisted by co-conspirators in the US and elsewhere, who supplied identification documents, housed laptops in so-called ‘laptop farms,’ and assisted the workers in appearing locally based.

In one instance, a worker at a Maryland nail salon handled 13 off-site jobs for North Koreans and took home almost $1 million. He faces sentencing in August.

What Did US Law Enforcement Do?

Working with Microsoft, the US Department of Justice (DOJ) seized hundreds of laptops as part of the operation that disabled the Microsoft accounts. About 29 financial accounts were knocked offline, along with almost two dozen websites. Authorities also searched 29 ‘laptop farms’ across the US that were used to facilitate the fraud.

The DOJ indicated that certain American citizens willingly leased out their identities or devices to DPRK agents, actively assisting them in bypassing sanctions and perpetrating fraud.

How is AI Involved?

Microsoft warns that North Korean IT professionals are now employing AI software to remain undetected. These include grammar checks for resumes, FaceSwap technology for editing profile pictures, and voice changers for navigating remote interviews.

Although Microsoft has not yet found real-time AI-created voice and video deepfakes being employed in interviews, it noted that this is what comes next.

“If successful, North Korean IT workers might conduct interviews directly without intermediaries,” the company stated.


How is Microsoft Retaliating?

To counter the developing tactics, Microsoft has developed bespoke machine-learning software that identifies what it terms ‘impossible travel’: logins from the US followed by logins from China or Russia within minutes.

It’s also strengthening ID protection and collaborating with US agencies to exchange intelligence and deploy real-time risk-detection systems.

Why is it Important?

“This is not fraud, it’s a threat to national security,” revealed a Microsoft official.

Microsoft is committed to ongoing monitoring and dismantling of the Jasper Sleet network. “They’re evolving quickly, but so are we,” said Jeremy Dallman, Senior Director of Microsoft Threat Intelligence.

The United Nations estimates that the North Korean IT worker program generates as much as $600 million annually. Officials say the funds are channeled directly into Kim Jong Un’s nuclear weapons program and used to fund overall cybercrime operations, including cryptocurrency theft.

Analytics Insight
www.analyticsinsight.net