Google’s (GOOGL) cybersecurity unit, Mandiant, has found that dozens of US companies have accidentally hired, as remote workers, North Korean spies using fake identities
Mandiant has issued a warning that North Korean spies are posing as IT contractors to secretly generate funds for the expansion of Kim Jong-Un's weapons of mass destruction (WMD) and ballistic missile programs.
These fake contractors operate in different ways: some set up front companies, while others collaborate with non-North Korean "facilitators" who help them secure jobs. These facilitators also assist in money laundering, obtaining company laptops, using stolen identities for employment verification, and accessing global financial systems.
Charles Carmakal, Chief Technology Officer at Mandiant Consulting, stated, “I’ve spoken to dozens of Fortune 100 companies that unknowingly hired North Korean IT workers. These workers often hold multiple jobs simultaneously with different organizations, and frequently have elevated access to production systems or can alter application source code. There’s a real concern they could later exploit this access to plant backdoors in systems or software.”
He added, “Every Fortune 100 company should be thinking about this issue.”
There’s growing fear that these fake freelancers might be part of a “human botnet,” ready to launch destructive actions whenever commanded by Pyongyang.
“The biggest concern is what happens if these threat actors remain undetected and are eventually ordered by the North Korean regime to initiate a large-scale attack,” said Michael Barnhart, Mandiant Principal Analyst at Google Cloud.
“These IT workers could be instructed tomorrow to deploy ransomware and cripple major organizations across the U.S. and Europe within a short period. The only way to stay ahead is by strength in numbers, which is why we’re urging businesses to reach out to Mandiant and share any information they have so we can work together to combat this complex scheme.”