The risk is not the quality of the work that the person might do. The risk is that you now have a state-controlled North Korean asset operating inside your security perimeter.
A lot of these are not there to breach your data, they're there to make money and fund the DPRK.
That's why there's no one industry or type of business being targeted, it's anywhere they can get hired. If you're a high-profile target, that's a bonus, not the original goal.
The reason that North Korea targets IT roles in particular is precisely because they're the weak link in zero-trust implementations. Someone, somewhere, has the unfettered rights to access the production database, and they're in the IT department.
Zero trust doesn't do anything for you when you give the person a legitimate account with access, which presumably you must do for employees, else they can't typically do any work.