According to Microsoft, the workers are increasingly improving their tactics through the use of AI—eliminating grammatical errors, polishing up photos, and experimenting with voice-changing software.
Jasper Sleet is constantly changing and evolving their profiles across a wide variety of consumer email accounts, senior director of Microsoft Threat Intelligence Center Jeremy Dallman told Fortune in a statement.
At this point, Microsoft hasn’t seen the IT workers using combined AI voice and video just yet, the company said in its warning.
“We do recognize that combining these technologies could allow future threat actor campaigns to trick interviewers into thinking they aren’t communicating with a North Korean IT worker,” Microsoft warned. “If successful, this tactic could allow the North Korean IT workers to do interviews directly and no longer rely on facilitators standing in for them on interviews or selling them account access.”
The IT workers often use the same names and email addresses over and over in crafting their fake personas, using fraudulent profiles on job-networking sites and open-source coding platforms. Microsoft reported the IT workers have also started using AI tools like Faceswap to “move their pictures over to the stolen employment and identity documents” and to generally spruce up their profile pics.
Beyond the account suspensions, Microsoft said it has launched an array of methods to detect IT worker activity through ID protection and other tools. The company has also developed a custom machine-learning solution that uses “impossible time travel risk detections, most commonly between a Western nation and China or Russia” to identify suspect accounts.
