In general, the scheme involves the use of deceptive tactics, including stolen identities and remote access technology tools, to secure IT employee or contractor positions within US-based employers. The allure of high pay for these roles, coupled with a comparatively low risk of detection, makes this scheme particularly enticing for DPRK operatives.
The US Department of Justice announced in a recent court-approved seizure action:1
What can you do with this information?
We recommend that companies mitigate this risk by using a risk-based approach to:
We invite you to reach out to continue the conversation on how to most effectively detect, prevent, and correct this or other types of fraud, cybercrime, misconduct, and non-compliance.
CRA’s Forensic Services Practice – including our digital forensics, eDiscovery, and cyber incident response lab – is certified under ISO 27001:2022 standards. The Practice has been recognized by National Law Journal, Global Investigations Review, and ranked by Chambers. CRA’s clients over the past two years included 97% of the AmLaw 100 law firms, and 82% of the Fortune 100 companies.
