2024-2025 Global AI Trends Guide
The New York State Department of Financial Services (“NYDFS”) has urged organizations to exercise caution when hiring remote employees due to an increase in individuals located in the Democratic People’s Republic of Korea (“North Korea”) misleading companies regarding their location in order to generate income and potentially gain access to systems or data.
Following repeated attempts by North Korean nationals to secure remote Information Technology (“IT”) jobs at U.S. companies to access company systems and generate revenue for the North Korea, the NYDFS recommends that organizations exercise caution when hiring for remote technology-related positions. These individuals often use virtual private networks (“VPNs”) and false or stolen identities to appear as though they are working in the United States. Indications that someone may be conducting this kind of scam include requesting to ship devices to an alternate location and declining to participate in in-person or video conferences. Threat actors also may download remote access tools to their company devices in order to allow them to remotely control those devices, often using native tools to avoid detection.
The NYDFS recommends organizations take the following steps to protect their information systems from these actors:
Hogan Lovells has covered insider threats, including in particular from North Korean nationals seeking remote positions, as well as proactive steps to reduce risk in more detail in The Data Chronicles. For more information, you can listen to the podcast episode here.
Authored by Nathan Salminen, Dan Ongaro, and Emma Kotfica.