The Google expert who discovered North Korean spies in European companies: “When we notified the client, he responded: ‘Are you sure? He was one of our best employees'”

A Google security researcher encountered an unexpected reaction when he alerted a security company that one of its employees was not who he said he was. The company, far from being immediately alarmed, responded with disbelief: the worker in question was considered one of the best on the team. However, according to specialists' analyses, he was in reality an agent linked to North Korea who had managed to infiltrate the staff.

The case illustrates a growing trend detected by cybersecurity experts: operators linked to the Kim Jong Un regime who pose as technology professionals to get jobs in Western companies. Once inside, they collect salaries, access internal systems and, in some cases, try to obtain sensitive information or introduce malicious software.

A “digital army” that works from within

According to American researchers and authorities, this strategy has been underway for years. Data from the United States Department of Justice indicates that between 2020 and 2024, false workers linked to North Korea managed to infiltrate more than 300 companies in the United States, generating at least 6.8 million dollars for the regime.

Now, specialists believe that the phenomenon is also spreading to Europe. Jamie Collier, advisor to Google’s threat intelligence team on the continent, has detected signs that these operations are already present in European companies and have even set up “laptop farms” in the UK to operate remotely.

These facilities function as centers from which agents control multiple computers sent by companies to supposed employees who work from home.

Artificial intelligence, key in deception

One of the reasons why this type of infiltration has become more effective is the increasing use of artificial intelligence. Tools based on language models and image generation allow impostors to create professional identities that are much more credible than in the past.

According to Alex Laurie, technological director of the security company Ping Identity, AI makes it easy to create compelling resumes, complete professional profiles and emails perfectly adapted to the cultural context of each country.

Scammers also use techniques such as:

  • Theft or purchase of inactive accounts on LinkedIn
  • Creation of job profiles with fictitious years of experience
  • Use of filters and deepfakes to simulate video call interviews

Thanks to these tools, fake candidates can pass selection processes without arousing suspicion.

How infiltration works

The method usually unfolds in several phases. First, operators create or acquire false identities that appear to belong to professionals in the technology sector with several years of experience. Next, they apply for high-paying remote positions, especially in areas related to software, data or artificial intelligence.

When they get the job, the second part of the operation begins. Companies usually send a corporate laptop to the new worker, but agents intercept these devices and control them from operational centers. From there they connect to the company’s systems and use automated tools—including chatbots—to perform real work tasks.

In some cases, operators even manage several jobs at the same time, multiplying the income obtained.

A growing risk for companies

Experts such as Rafe Pilling, head of threat intelligence at Sophos, believe that this is an organized operation with state support. According to him, a relatively small group of North Korean workers has managed to infiltrate numerous technology companies, taking advantage of the rise of remote work.

The phenomenon also worries large companies in the sector. Amazon security chief Stephen Schmidt revealed that the company had blocked more than 1,800 infiltration attempts since April 2024.

For specialists, the problem is that many companies do not consider the hiring process a security risk. That gap is precisely what these operations exploit.

The result is an inconspicuous threat: seemingly productive employees who are actually part of a system designed to finance the North Korean regime and, potentially, access sensitive information.

As the case detected by Google demonstrates, deception can be so convincing that even when it is discovered, companies have a hard time believing it. Because, at the end of the day, the alleged infiltrator simply seemed like… an exemplary worker.
