Podcast Summary: "North Korean Remote Workers are at it Again!" – BHIS - Talkin' Bout [Infosec] News
Release Date: July 9, 2025
Hosted by: Black Hills Information Security (BHIS)
1. Introduction
In this episode of "Talkin' Bout [Infosec] News," the Black Hills Information Security team delves into a range of current cybersecurity topics, with a particular focus on North Korean remote workers, advancements in cybersecurity among Fortune 500 companies, and the evolving landscape of security tooling and threat intelligence.
2. $10 Million Bounty on North Korean Hackers
The discussion kicks off with Wade highlighting a significant development: a $10 million bounty has been placed on information pertaining to North Korean hackers. This move raises intriguing questions about the potential for individuals to engage in cyber bounty hunting.
- Wade (00:37): "There's a $10 million bounty on information for North Korean hackers. Now does that mean I can be a cyber bounty hunter?"
- Corey (00:55): "I've actually spent my time looking for base 64 in my URL again for the 450th time."
This bounty underscores the ongoing threats posed by North Korean cyber operations and the increasing efforts to counteract them through substantial financial incentives.
3. Résumé Submission Practices in Cybersecurity Hiring
The conversation shifts to the complexities of hiring within the infosec community, particularly the prevalence of AI-generated resumes and prompt injection techniques. The team critiques the effectiveness of traditional hiring practices and the increasing reliance on automated tools.
- John Strand (02:22): "Like, why wouldn't you [use AI for cover letters]. You realize it's just so much work."
- Bronwyn (02:34): "People who are just doing copy paste and aren't reviewing their cover letters at all."
The panel discusses the challenges of distinguishing genuine candidates from those who manipulate AI tools to enhance their applications, highlighting the need for more robust screening processes.
4. Fortune 500 Cyber Risk Decline
Corey presents a contentious article claiming that Fortune 500 companies have seen a 33% decline in cyber risk since 2008. The team debates the validity of this statistic, considering the enhanced cybersecurity measures and larger security teams within these organizations.
- John Strand (07:25): "The larger an organization was, the larger the attack surface was and the less likely we were to be detected and the more likely we were to be successful."
- Corey (11:13): "This statistic is basically there's more breaches, but they're less likely to affect big companies."
While breaches have become more common, their impact on large corporations seems to be mitigated by significant investments in cybersecurity infrastructure and personnel.
5. Security Tooling Challenges in Large Organizations
Wade and Corey discuss the overlapping security tools often found in large enterprises, leading to inefficiencies despite the comprehensive coverage these tools aim to provide.
- Wade (11:37): "There's a large amount of tooling that goes in there. Like there's three tools that all do the same thing."
- Corey (12:06): "If you have overlap, it's not as good financially. But honestly, one of those things better catch something if something's going on."
They emphasize the balance between tool redundancy for better detection versus the financial and operational overhead it introduces.
6. North Korean Remote Workers and Their Infiltration Techniques
A significant portion of the episode is dedicated to discussing North Korean remote workers infiltrating organizations. The team explores how these actors exploit trust models within companies to gain unauthorized access.
- John Strand (21:01): "Jasper Sleet is previously known as Storm. These are the remote IT workers from North Korea that we've been tracking."
- Corey (22:17): "Since 2020, the U.S. government and cybersecurity community have identified thousands of North Korean workers infiltrating companies."
The group debates the implications for job seekers in IT security and the broader challenges companies face in distinguishing legitimate employees from covert threat actors.
7. Misuse of Offensive Security Tooling and Company Retaliation
The episode delves into the abuse of offensive security tools by malicious actors and the retaliatory measures taken by companies like Elastic Security.
- John Strand (37:06): "If you're out there and you're trying to make money, you have to share that with the company who can stop that from happening."
- Corey (36:07): "Shellter is being misused to deploy info stealers. It's like if someone got access to Outflank, OST, or Cobalt Strike and used it maliciously."
The panel criticizes the approach of targeting offensive security firms for vulnerabilities, suggesting that such actions could provoke retaliatory bypass attempts, ultimately harming both parties.
8. Ransomware Attack on Ingram Micro
An update on a ransomware attack targeting Ingram Micro is discussed, highlighting the ongoing threats to supply chain software companies.
- Corey (47:04): "Ingram Micro is down. It's ransomware."
- John Strand (47:14): "Ingram needs to take a breath after this and realize just how much worse this could have been."
The team speculates on the motives behind the attack, considering whether it was purely financially driven or part of a larger strategy to disrupt supply chains.
9. Rapid-Fire Stories: AI and GDPR, Call of Duty Exploit
In the rapid-fire segment, the team touches on several additional topics:
- AI and GDPR Compliance:
  - Corey (50:03): "Are there any AI models that are GDPR compliant? Because that seems impossible."
  - Bronwyn (51:00): "Most LLMs are built using content that is strictly in the public domain."
  The discussion revolves around the challenges of ensuring AI models comply with data protection regulations, with skepticism about the feasibility of achieving full GDPR compliance.
- Call of Duty Exploit:
  - Wade (53:31): "Old Call of Duty game has something you didn't see. People started claiming that anytime they downloaded and played it, they started getting hacked."
  The team explains a security vulnerability in older game clients that could be exploited by attackers to gain remote code execution (RCE), emphasizing the importance of securing all exposed services.
10. Conclusion and Announcements
Wrapping up the episode, the hosts share updates and promote upcoming events:
- Wade (55:14): "Death Con is going on. Detection engineering and threat hunting tickets are now open for both virtual and on-site attendance in San Diego."
- John Strand (55:22): "Thanks everyone. Take care."
The team encourages listeners to engage with their security training offerings and stay informed about the latest developments in the infosec landscape.
Key Takeaways:
- North Korean Cyber Threats: Persistent and evolving, with significant financial incentives being offered to counteract their activities.
- Fortune 500 Security: Enhanced cybersecurity measures are reducing the impact of breaches on large organizations, though the overall number of breaches is increasing.
- Hiring Challenges: The rise of AI in resume submissions necessitates more rigorous hiring processes to identify genuine talent.
- Tooling Efficiency: Overlapping security tools in large organizations can lead to inefficiencies despite better coverage.
- Offensive Tool Misuse: Defensive companies should collaborate with offensive teams rather than antagonize them to improve security measures effectively.
- Ransomware Threats: Supply chain software companies like Ingram Micro remain prime targets for financially motivated attacks.
- AI and Compliance: Achieving GDPR compliance for AI models is highly challenging, raising concerns about data privacy and usage.
- Vulnerabilities in Legacy Systems: Older software, including games like Call of Duty, can harbor exploitable vulnerabilities that attackers may leverage.
This comprehensive episode offers valuable insights into the current state of cybersecurity, the tactics employed by nation-state actors, and the ongoing challenges faced by organizations in securing their digital infrastructures.