Microsoft Warns North Korean Agents Using AI to Secure Remote IT Jobs at Western Firms
Key Takeaways
- ▸North Korean operatives are using AI voice-changers, Face Swap deepfakes, and automated content generation to obtain remote IT jobs at western companies
- ▸Microsoft disrupted 3,000 fraudulent email accounts last year and identified two main threat groups (Jasper Sleet and Coral Sleet) behind the operations
- ▸Once hired, fake workers send wages to North Korea and have threatened companies with data leaks after termination
Summary
Microsoft has revealed that North Korean state-backed operatives are deploying sophisticated AI tools to deceive western companies into hiring them for remote IT and software development positions. According to the tech giant's threat intelligence unit, groups identified as Jasper Sleet and Coral Sleet are using voice-changing software, deepfake technology like Face Swap, and AI-generated content to create convincing false identities and mask their origins during job applications and interviews. Once hired, these workers funnel their wages back to the North Korean government and have been known to threaten companies with data leaks after termination.
The scam operation spans the entire employment lifecycle, with AI being leveraged at every stage. Operatives use AI platforms to generate culturally appropriate names and matching email formats, scrape job postings to identify required skills, and craft tailored applications. During interviews, voice-changing software helps mask accents, while Face Swap technology inserts North Korean workers' faces into stolen identity documents and creates professional-looking headshots for resumes. After securing positions, the fake workers continue using AI to write emails, translate documents, and generate code to maintain the illusion of competence.
Microsoft disclosed that it disrupted approximately 3,000 Outlook and Hotmail accounts used by these fraudulent workers last year. The company is now urging businesses to conduct video or in-person interviews for IT roles and train interviewers to spot deepfake indicators such as pixellation around facial features, edges of glasses, and other visual inconsistencies. The revelation highlights how North Korea is adapting traditional employment fraud schemes with cutting-edge AI capabilities to circumvent international sanctions and generate revenue for the Kim Jong-un regime.
- Companies are advised to conduct video or in-person interviews and watch for deepfake indicators like pixellation around facial features
