Cyberside Chats: Cybersecurity Insights from the Experts

North Korea’s Deepfake Remote Workers: How They’re Getting Inside U.S. Companies

Listen Later

On National Social Engineering Day, we’re pulling the lid off one of the most dangerous insider threat campaigns in the world — North Korea’s fake remote IT worker program. 

Using AI-generated résumés, real-time deepfake interviews, and U.S.-based “laptop farms,” DPRK operatives are gaining legitimate employment inside U.S. companies — funding nuclear weapons programs and potentially opening doors to cyber espionage. 

We’ll cover the recent U.S. sanctions, the Christina Chapman laptop farm case, and the latest intelligence from CrowdStrike on FAMOUS CHOLLIMA — plus, we’ll give you specific, actionable ways to harden your hiring process and catch these threats before they embed inside your network. 

Actionable Takeaways for Defenders 

  1. Verify Beyond the Résumé:Pair government ID checks with independent work history and social profile verification. Use services to flag synthetic or stolen identities.
  2. Deepfake-Proof Interviews:Add unscripted, live identity challenges during video calls (lighting changes, head turns, holding ID on camera).
  3. Geolocation & Device Monitoring: Implement controls to detect impossible travel, VPN/geolocation masking, and multiple logins from the same endpoint for different accounts.
  4. Watch for Multi-Job Signals: Monitor productivity patterns and unusual scheduling; red flags include unexplained work delays, identical deliverables across projects, or heavy reliance on AI-generated output.
  5. Hold Your Vendors to the Same Standard: Ensure tech vendors and contractors use equivalent vetting, monitoring, and access control measures. Bake these requirements into contracts and third-party risk assessments. 

    6. References

    • U.S. Treasury Press Release – Sanctions on DPRK IT Worker Scheme 
    • CrowdStrike 2025 Threat Hunting Report – Profile of FAMOUS CHOLLIMA’s AI-powered infiltration methods 
    • National Social Engineering Day – KnowBe4 Announcement Honoring Kevin Mitnick 
      • ...more
      View all episodesView all episodes
      Download on the App Store
      Cyberside Chats: Cybersecurity Insights from the ExpertsBy Chatcyberside
      • 5
      • 5
      • 5
      • 5
      • 5

      5

      2 ratings

      More shows like Cyberside Chats: Cybersecurity Insights from the Experts

      View all
      No Agenda Show by Adam Curry & John C. Dvorak

      No Agenda Show

      5,948 Listeners

      Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

      Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

      373 Listeners

      The DSR Network by The DSR Network

      The DSR Network

      1,785 Listeners

      Conspirituality by Derek Beres, Matthew Remski, Julian Walker

      Conspirituality

      2,041 Listeners

      What Rough Beast by Virginia Heffernan and Stephen Metcalf

      What Rough Beast

      63 Listeners