State Sponsored “Cyber Warriors” — North Korean Remote IT Workers
DAY 2
15:00-
15:40
The presentation will cover North Korean remote IT workers and the broad operational methods they utilize. It will start with their likely methods of faking, stealing, or purchasing credentials or identities, and some ways they fake their identity and background in an interview. Next, it will cover their malicious actions once they gain employment, including deploying ransomware or malware, or stealing information from the employer to sell on the dark web. There will be a section on their preferred targets and how to spot a “laptop farm” that North Koreans set up through their proxies overseas. The presentation will also include details on the software they use to obfuscate their identity and real location, as well as an overview of insights gleaned from the data logs of a suspected North Korean IT worker’s computer. It will end with a discussion on some mitigations to prevent companies from unintentionally hiring North Korean IT workers.
-
Location :
-
Track 1(HALL B)
-
-
Category :
-
CyberCrime
-
-
Share :
Speakers
-
Alexander Leslie
アレクサンダー・レスリー
Alexander Leslie is a Senior Threat Intelligence Analyst with Recorded Future's Advanced Cybercrime and Engagements (ACE) team. His research focuses on the intersection of cybercrime and state-sponsored operations.
-
Scott Kardas
スコット・カルダス
Scott Kardas is a Geopolitical Threat Intelligence analyst with Recorded Future. He received his undergraduate degree from the University of Illinois at Urbana-Champaign and his Master's degree from Yonsei University, Graduate School of International Studies in Seoul, South Korea. He has previously worked as a civilian instructor at the Korea Military Academy in Seoul, South Korea.