
North Korean Spy Poses as AI Employee, Exposing Insider Threat to South Korean Businesses

Michael Tremante, Senior Director of Application Security Products at Cloudflare, speaks during the press conference. 2025.9.9 / News1

Cloudflare disclosed an incident in which a North Korean spy infiltrated a client company, emphasizing that South Korean businesses must be prepared for insider threats.

Michael Tremante, Cloudflare’s Senior Director of Application Security and Product, revealed the infiltration process during a press briefing on Tuesday at the Josun Palace in Gangnam, Seoul. He stated that there was an actual instance where a client hired a North Korean spy.

Tremante explained that an individual who had gone through the usual hiring process for an artificial intelligence (AI) company turned out to be a North Korean spy. He further noted that although the individual passed the resume screening, the anomaly was not detected early enough, which allowed the spy to start working.

He continued that this individual exhibited behavior significantly different from that of regular employees, such as downloading an unusually large amount of data immediately after connecting to the virtual private network (VPN). He further noted that, after reviewing the individual's peculiar behavior and resume, the company confirmed they were a spy and terminated their employment two months later.

Tremante underscored the seriousness of the situation by noting that there have been numerous cases where individuals presumed to be allies or internal staff turned out to be adversaries.

Earlier, Google’s Threat Intelligence Group, Google Mandiant, OpenAI, and Korea University’s Graduate School of Information Security issued reports warning about the spy activities of North Korean hacking groups.

Google Mandiant reported that many Fortune 100 companies have inadvertently employed North Korean information technology (IT) personnel. These individuals often work remotely for multiple companies concurrently, gaining access to internal systems.

Tremante also shared insights on the current state of distributed denial-of-service (DDoS) attacks in South Korea.

He noted that the number of DDoS attackers targeting South Korea has been steadily increasing each quarter. He added that, fortunately, 47% of the attacks are SYN floods, which can be mitigated if networks have appropriate security measures in place.

He added that the U.S. ranks as the top source of attacks, with Japan and Hong Kong also targeting South Korean government and corporate networks. He further noted that in highly competitive industries, companies frequently attack each other, leaving them perpetually exposed to DDoS threats.

Meanwhile, Jo Won-kyun, the head of Cloudflare’s Korean branch, stated that a recent network outage in South Korea occurred due to a break in the backbone fiber.

Jo Won-kyun, the head of Cloudflare’s Korean branch, speaks at a press conference / Provided by Cloudflare
