Microsoft Takes on North Korean Cyber Threats: An Escalating Cyber War
Microsoft has recently suspended 3,000 consumer accounts and implemented new security detections in response to an escalating threat from North Korean IT workers infiltrating US companies. The tech giant revealed that state-sponsored hackers from the group “Jasper Sleet” are using sophisticated AI-powered tools to enhance their fraudulent employment operations.
Since 2020, over 300 US companies across multiple industries, including Fortune 500 firms, have unknowingly employed these workers. A recent Justice Department indictment revealed that North Korean operatives generated at least $866,255 from just 10 of the 64 infiltrated companies between 2018 and 2024.
The threat actors are evolving their tactics to incorporate custom and AI-enabled software, making detection increasingly challenging. Microsoft has implemented alerts through Entra ID Protection and Defender XDR to notify customers of suspicious activity.
The company warns that these workers are not just seeking employment but are actively stealing sensitive data and generating revenue for the North Korean government’s weapons programs.
Source: Microsoft Security Blog