NORTH Korean threat actors are increasingly using AI to enhance their long-running IT worker scams, with two DPRK-linked clusters, “Jasper Sleet” and “Coral Sleet,” described as applying AI to improve scale and precision of fraudulent campaigns. According to Microsoft threat intelligence team, these groups use AI to fabricate and maintain identities and to socially engineer prospective employers across various channels.
They research targeted jobs on platforms like Upwork, extract terminology from postings, and identify certs or tools that might make a fake resume appear credible, before generating names, email addresses and social media handles with AI tools. In some cases, they employ a face-swapping app called Faceswap to insert chosen faces into stolen identity documents, and they even use voice-changing software during interviews with employers.
The article notes that while these tactics are not novel, AI is enabling more convincing personas and more efficient workflows, potentially complicating detection and response.