A threat group linked to North Korea, named Jasper Sleet, is reportedly securing jobs at legitimate companies by using fabricated IT worker identities. According to Microsoft, this tactic grants them unwarranted access to cloud environments and sensitive internal data.
The Rise of Remote Work as a Vulnerability
The transition to remote and hybrid work models, accelerated by the COVID-19 pandemic, has changed hiring practices significantly. Many organizations now rely on online interviews and digital onboarding processes, which have inadvertently created new vulnerabilities for cyber threats.
Jasper Sleet has exploited this shift. By leveraging stolen or fake identities, alongside AI-assisted methods, they have successfully impersonated genuine job candidates, thereby infiltrating companies with ease.
Infiltration Tactics and Strategies
Microsoft’s research team has closely monitored Jasper Sleet’s activities, noting their targeted approach towards companies that utilize popular HR software like Workday. This group identifies potential job roles via external career platforms and employs generative AI to craft convincing digital personas that can bypass recruitment filters.
The group’s strategy involves a thorough study of job postings to tailor applications that match the skills and language required by the target company, thereby deceiving hiring personnel into granting them access.
Impact and Prevention Measures
Once hired, Jasper Sleet completes onboarding processes, establishes payroll accounts, and gains access to vital tools such as Microsoft Teams and SharePoint. Microsoft has detected a rise in suspicious travel alerts related to new hires, indicating unusual remote worker activity.
The breadth of this threat is extensive, affecting any organization hiring remote workers and using cloud-connected HR platforms. Microsoft has published these findings to assist security and HR teams in identifying and mitigating such risks before they materialize.
To combat these sophisticated tactics, Microsoft advises organizations to integrate tools like Microsoft Defender for Cloud Apps to monitor HR software activity and detect anomalies. Training HR teams to recognize signs of social engineering during recruitment is also recommended.
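The new-hire travel signal described above can be approximated by joining HR start dates with sign-in locations. The sketch below is an added example, not Microsoft's or Defender for Cloud Apps' detection logic. The record layout, the 90-day onboarding window, the 900 km/h speed ceiling and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample data, not taken from Microsoft's report.
HIRES = {"new.hire@example.com": "2025-06-02", "veteran@example.com": "2021-03-15"}
SIGNINS = [  # (user, UTC timestamp, latitude, longitude)
    ("new.hire@example.com", "2025-06-03T09:00:00", 40.71, -74.01),  # New York
    ("new.hire@example.com", "2025-06-03T11:30:00", 1.35, 103.82),   # Singapore
    ("new.hire@example.com", "2025-06-04T09:00:00", 40.73, -73.99),  # New York
    ("veteran@example.com", "2025-06-03T08:00:00", 51.51, -0.13),    # London
    ("veteran@example.com", "2025-06-03T09:00:00", 35.68, 139.69),   # Tokyo
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def new_hire_travel_alerts(hires, signins, window_days=90, max_kmh=900, min_km=100):
    """Return (user, from_time, to_time, km/h) for implausible travel by recent hires."""
    alerts, last_seen = [], {}
    # ISO timestamps sort chronologically, so this orders each user's sign-ins in time.
    for user, ts, lat, lon in sorted(signins, key=lambda s: (s[0], s[1])):
        when = datetime.fromisoformat(ts)
        prev, last_seen[user] = last_seen.get(user), (when, lat, lon)
        if prev is None or user not in hires:
            continue
        tenure = when - datetime.fromisoformat(hires[user])
        if not timedelta(0) <= tenure <= timedelta(days=window_days):
            continue  # only score accounts still inside the post-onboarding window
        km = km_between(prev[1], prev[2], lat, lon)
        # Floor the interval at one minute so simultaneous sign-ins do not divide by zero.
        hours = max((when - prev[0]).total_seconds() / 3600, 1 / 60)
        # min_km filters geolocation jitter; max_kmh is roughly airliner cruise speed.
        if km >= min_km and km / hours > max_kmh:
            alerts.append((user, prev[0].isoformat(), ts, round(km / hours)))
    return alerts

if __name__ == "__main__":
    for alert in new_hire_travel_alerts(HIRES, SIGNINS):
        print(alert)
```

Scoping the rule to recent hires lets the speed threshold stay strict for the population the report is about; established accounts, like the second user in the sample, are left to whatever general impossible-travel policy is already in place.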
By identifying red flags early, organizations can prevent security breaches before they occur, safeguarding their environments from these increasingly sophisticated cyber threats.
