Remote Recruitment Used as Backdoor by Cybercriminals

Friday, May 16, 2025

Hackers Hiding in Plain Sight

North Korean state-sponsored hackers are using AI-generated CVs and stolen identities to pose as remote IT workers, infiltrating unsuspecting UK companies.

A recent report from cybersecurity firm CrowdStrike reveals that the group, dubbed ‘Famous Chollima’, has shifted its focus from the US to the UK and Europe in 2024, following a crackdown by American authorities.

300+ Cases Logged: “Employees” Delivering 4 Lines of Code a Week

CrowdStrike has tracked over 300 infiltration attempts this year, with nearly 40% involving malicious insiders placed in industries including finance, healthcare, and tech.

These so-called workers often deliver minimal output—sometimes just four lines of code a week—but still collect full salaries. Many companies remain unaware they’ve been compromised.

Laptop Farms and Remote Takeovers

Once a fake worker is hired, the compromised laptops are rerouted to “laptop farms” in the US, where overseas hackers access them via proxies. Devices are then loaded with remote access tools and covert browser extensions, giving hackers control from North Korea, China, or Russia.

Live Interviews Are No Longer Optional

Adam Meyers, head of counter adversary operations at CrowdStrike, says:

“Treat hiring as a security-critical process. Use live video onboarding, cross-check documents, and monitor for red flags like login anomalies or chronic underperformance.”

UK in the Crosshairs as Global Threat Rises

The UK government has issued a new advisory, urging businesses to tighten scrutiny on remote applicants and bolster threat detection.

This follows the December 2024 indictment of 14 North Koreans in the US, accused of a years-long scam that netted the DPRK an estimated $88 million from Western companies.

Fraud, Extortion, and “Socialist Competitions”

Some fake workers attempted extortion, threatening to leak stolen data. Most, however, simply drained salaries, funneling funds back to the regime, where hackers reportedly competed in “socialist competitions” to see who could earn the most.

Any UK Tech Role Could Be a Target

Hackers aren’t picky—they apply to any open remote role, meaning every UK company hiring developers is at risk.

My Recruiter Jobs