U.S. Rep. Andy Ogles (R-TN) wants answers from tech companies about suspected North Korean infiltration of U.S. companies.
Ogles, the chair of the House Subcommittee on Cybersecurity and Infrastructure Protection, said he has sent a letter to LinkedIn, Amazon Web Services and Palo Alto Networks requesting senior executives within their companies testify at a Feb. 10 hearing. At issue is North Korea’s use of remote IT worker schemes to infiltrate U.S. companies, fund weapons programs and undermine national security.
“The Subcommittee on Cybersecurity and Infrastructure Protection of the House Committee on Homeland Security is examining a growing national security threat driven by the Democratic People’s Republic of Korea’s (commonly known as North Korea…), exploitation of modern remote work and digital hiring practices to embed operatives within U.S. companies under false identities,” Ogles wrote. “Although this activity is not a recent development and is frequently encountered at the company level as hiring fraud or identity theft, its scale, sophistication, and potential impact have increased significantly. The Kim Jong Un regime has adapted this model into a state-directed strategy to evade sanctions, generate illicit revenue, and obtain unauthorized access to U.S. corporate and technological environments. As a result, this activity now poses serious and direct risks to the security of the homeland.”
Ogles wrote the Kim Jong Un regime has exploited cloud-based hiring platforms, remote work and AI-enabled impersonation tools to gain unauthorized access to U.S. corporate environments using false identities. Often these workers targe positions in software development, cloud engineering and cybersecurity, the letter said, and the schemes have escalated in scale and sophistication.
“Public reports, federal law enforcement actions, and private sector investigations have demonstrated that DPRK operatives are using stolen or fabricated identities and artificial intelligence-enabled impersonation tools, including synthetic imagery and voice manipulation technologies, to defeat traditional safeguards and obtain remote employment at American companies,” he wrote. “These operatives often deliberately apply for and secure positions in technical, cloud, and security relevant roles, thereby enabling the DPRK government to penetrate internal systems, proprietary data, and operational environments never intended to be exposed to a hostile foreign adversary.”
The Congressman said LinkedIn, Amazon Web Services, and Palo Alto Networks all are part of the threat landscape, and he hopes they will be able to provide more insight into practice from an operational perspective.