North Korean IT Worker Threats
Threat Content Highlights
“Trending & Emerging Threats” weekly update: North Korean IT Worker Threats
- We added a new Campaign object based on recent Microsoft intelligence around North Korean workers who are believed to fraudulently gain employment with Western companies (activity that Microsoft tracks as “Jasper Sleet”).
- This is the second Campaign we’ve added around these schemes, and this week’s Threat Profile update includes both objects, weighted to emphasize recency.
- These workers take many steps to trick employees into hiring them, and after they're onboarded, detection opportunities could be relatively limited and/or noisy (e.g. VPN or remote access tool usage).
- A relatively unique characteristic of these schemes is use of IP-based keyboard/video/mouse devices (T1219.003 - Remote Access Hardware).
- Tidal Coverage Map Recommendations highlight an ATT&CK Analytic focused on a relevant implementation of this Sub-Technique: