March 17, 2026

How to Detect Malicious Remote Workers w/ James McQuiggan

59 minutes

Summary
Could a nation-state threat actor get hired and stay invisible to your SOC?

🛝Webcast Slides-
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf

Join us for a free one-hour training session with James McQuiggan, CISSP and Advisory CISO, as he teaches you the full lifecycle of North Korea’s AI-enabled IT worker operation, from AI-generated identities and U.S.-based laptop farms to the data theft and extortion that follow once they’re inside.

You’ll learn a practical detection and hunting playbook covering behavioral anomalies, identity red flags, and post-hire SOC indicators that catch what background checks miss.

If your SOC isn’t hunting for threats that were hired legitimately, this Antisyphon Anti-cast will change that.

Chapters

(00:00) - Intro – How to Detect Malicious Remote Workers - James McQuiggan

(01:17) - DPRK Solution – Did you Hire a North Korean?

(02:35) - But Really, Did We Just Hire a North Korean?

(04:31) - How comfortable are you to spot deepfakes?

(05:46) - Who is James R. McQuiggan

(07:42) - Webcast Agenda

(09:36) - Overview - North Korea Situation

(11:56) - DRPK Education

(14:31) - The Ultimate Inside Threat – DPRK Job Opps

(16:17) - Attacker's Playbook — Contagious Interview / WageMole Campaigns

(17:47) - Investigations – Crowdstrike / Okta / Unit 42

(19:14) - How Identities Are Built – AI Images

(21:05) - GenAI Resumes

(23:39) - Stateside Assistance

(25:23) - Face Swap / Voice Cloning & Webcams ➜ LIVE Deepfakes

(25:49) - AI Face Swap Demo

(29:55) - Video Camera Real time Video Deepfake Face Swap Interview

(30:43) - KnowBe4 Use Case – July 2024

(34:18) - Legal Impact

(35:42) - Companies Infiltrated — The Numbers

(36:11) - North Korean Farmers Arrested

(40:23) - SOC Playbook – Deepfake Dashboard

(40:53) - 12 Best AI Deepfake Detector Tools

(41:54) - Detecting VOIP Numbers & Identity

(43:01) - SOC Telemetry

(45:17) - Hiring Flags

(46:08) - HR – Hiring Tips

(48:24) - Human Risk – AI First Ready Security Team

(50:26) - Wrap Up and Q&A

(54:39) - James' Survey QR Code

Credits
Creators & Guests

Deb Wigley - Host

Jason Blanchard - Host

James McQuiggan - Guest

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

...more

View all episodes

By Antisyphon Training

March 17, 2026

How to Detect Malicious Remote Workers w/ James McQuiggan

59 minutes

Summary
Could a nation-state threat actor get hired and stay invisible to your SOC?

🛝Webcast Slides-
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf

You’ll learn a practical detection and hunting playbook covering behavioral anomalies, identity red flags, and post-hire SOC indicators that catch what background checks miss.

If your SOC isn’t hunting for threats that were hired legitimately, this Antisyphon Anti-cast will change that.

Chapters

(00:00) - Intro – How to Detect Malicious Remote Workers - James McQuiggan

(01:17) - DPRK Solution – Did you Hire a North Korean?

(02:35) - But Really, Did We Just Hire a North Korean?

(04:31) - How comfortable are you to spot deepfakes?

(05:46) - Who is James R. McQuiggan

(07:42) - Webcast Agenda

(09:36) - Overview - North Korea Situation

(11:56) - DRPK Education

(14:31) - The Ultimate Inside Threat – DPRK Job Opps

(16:17) - Attacker's Playbook — Contagious Interview / WageMole Campaigns

(17:47) - Investigations – Crowdstrike / Okta / Unit 42

(19:14) - How Identities Are Built – AI Images

(21:05) - GenAI Resumes

(23:39) - Stateside Assistance

(25:23) - Face Swap / Voice Cloning & Webcams ➜ LIVE Deepfakes

(25:49) - AI Face Swap Demo

(29:55) - Video Camera Real time Video Deepfake Face Swap Interview

(30:43) - KnowBe4 Use Case – July 2024

(34:18) - Legal Impact

(35:42) - Companies Infiltrated — The Numbers

(36:11) - North Korean Farmers Arrested

(40:23) - SOC Playbook – Deepfake Dashboard

(40:53) - 12 Best AI Deepfake Detector Tools

(41:54) - Detecting VOIP Numbers & Identity

(43:01) - SOC Telemetry

(45:17) - Hiring Flags

(46:08) - HR – Hiring Tips

(48:24) - Human Risk – AI First Ready Security Team

(50:26) - Wrap Up and Q&A

(54:39) - James' Survey QR Code

Credits
Creators & Guests

Deb Wigley - Host

Jason Blanchard - Host

James McQuiggan - Guest

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

...more

Share How to Detect Malicious Remote Workers w/ James McQuiggan

Sign up to save your podcasts

How to Detect Malicious Remote Workers w/ James McQuiggan

How to Detect Malicious Remote Workers w/ James McQuiggan