The SEC has indicted 14 individuals and 4 entities for their role in a North Korean fake IT worker scheme. This marks the first major crackdown on what experts have long warned is a serious insider threat to global technology firms.
For years, North Korean threat actors have infiltrated U.S. firms by posing as remote IT workers, using stolen identities and AI-generated documents to secure jobs.
This elaborate scheme has siphoned an estimated $88 million from U.S. businesses, with major companies like Microsoft and KnowBe4 unknowingly employing these operatives. Technology, financial, and information and communications technology firms are at particular risk.
In response to this growing risk, companies like Palo Alto Networks are stepping up their defenses, partnering with Vcheck to implement advanced identity verification and prevent insider threats.
Thanks to this collaboration, Palo Alto Networks has identified multiple fraudulent candidates trying to bypass systems, highlighting both the sophistication of the North Korean operation and the critical need for rigorous pre-employment screening protocols.
Who is the Modern Insider Threat Actor?
Verizon’s 2024 Data Breach Investigation Report reveals that 88% of data breaches involving lost or stolen assets were caused by insider threats. With the rise of remote work, traditional verification methods prove insufficient to counter these sophisticated schemes.
Today’s insider threats extend beyond disgruntled employees or negligent staff; they now include sophisticated, state-sponsored actors with advanced technical expertise. These actors use stolen U.S. identities and documentation to circumvent traditional, manual verification and background check processes.
Here’s how these threats are executed:
- AI-powered Identity Fraud: Bad actors manipulate stock photos and use AI-generated images to create convincing fake IDs.
- Laptop Farms: U.S.-based accomplices set up ‘safe zones’ where company equipment is received and transferred to operatives.
- Remote Access: Bad actors access these company devices remotely while masking their true locations.
- VPNs and Proxy Services: Operatives use these tools to appear as though they are working from authorized locations, bypassing security checks.
How Vcheck Helped Palo Alto Networks Protect Itself Against North Korean Threat Actors
Knowing the risk threat actors pose to a technology company’s resources and IP, Palo Alto Networks partnered with Vcheck to strengthen its defenses against fraudulent applicants and bad actors.
Vcheck’s advanced ID Verification solution runs over 100 forgery checks on candidate documents to determine manipulation and tampering. Biometric validation and facial mapping follow to confirm candidates’ liveness and identity.
When discrepancies arise, Vcheck’s investigative team conducts deeper analysis and IP address validation to pinpoint location, document manipulation, and false positives.
The partnership quickly proved valuable as Vcheck flagged several remote candidates who failed authenticity checks, prompting manual investigations. Vcheck’s investigators reviewed document formatting, cross-referenced information with official state MVR records, and analyzed IP address logs to verify candidates’ physical locations.
Thanks to Vcheck’s identity verification tools, Palo Alto Networks was able to detect and respond to insider threats in real time, preventing fraudulent candidates from infiltrating its systems.
Facing the North Korean Insider Threat: A Call to Action for Businesses
As North Korean threat actors continue infiltrating and stealing from U.S. businesses, companies must follow Palo Alto’s example and prioritize rigorous pre-employment verification to prevent unauthorized access.
Vcheck’s ID Verification solutions provide a critical first line of defense by conducting over 100 forgery checks, verifying biometric liveness, and analyzing IP addresses to confirm identity legitimacy.
Contact Vcheck to learn how our ID Verification solution can fortify your defenses against insider threats.