PLAY PODCASTS
How to Detect Malicious Remote Workers w/ James McQuiggan
Episode 9

How to Detect Malicious Remote Workers w/ James McQuiggan

Antisyphon Training Anticasts

March 17, 202659m 47s

Audio is streamed directly from the publisher (media.transistor.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode pageView transcriptChapters

Show Notes

Summary
Could a nation-state threat actor get hired and stay invisible to your SOC?

🛝Webcast Slides-
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf

Join us for a free one-hour training session with James McQuiggan, CISSP and Advisory CISO, as he teaches you the full lifecycle of North Korea’s AI-enabled IT worker operation, from AI-generated identities and U.S.-based laptop farms to the data theft and extortion that follow once they’re inside.

You’ll learn a practical detection and hunting playbook covering behavioral anomalies, identity red flags, and post-hire SOC indicators that catch what background checks miss.

If your SOC isn’t hunting for threats that were hired legitimately, this Antisyphon Anti-cast will change that.


Chapters

  • (00:00) - Intro – How to Detect Malicious Remote Workers - James McQuiggan
  • (01:17) - DPRK Solution – Did you Hire a North Korean?
  • (02:35) - But Really, Did We Just Hire a North Korean?
  • (04:31) - How comfortable are you to spot deepfakes?
  • (05:46) - Who is James R. McQuiggan
  • (07:42) - Webcast Agenda
  • (09:36) - Overview - North Korea Situation
  • (11:56) - DRPK Education
  • (14:31) - The Ultimate Inside Threat – DPRK Job Opps
  • (16:17) - Attacker's Playbook — Contagious Interview / WageMole Campaigns
  • (17:47) - Investigations – Crowdstrike / Okta / Unit 42
  • (19:14) - How Identities Are Built – AI Images
  • (21:05) - GenAI Resumes
  • (23:39) - Stateside Assistance
  • (25:23) - Face Swap / Voice Cloning & Webcams ➜ LIVE Deepfakes
  • (25:49) - AI Face Swap Demo
  • (29:55) - Video Camera Real time Video Deepfake Face Swap Interview
  • (30:43) - KnowBe4 Use Case – July 2024
  • (34:18) - Legal Impact
  • (35:42) - Companies Infiltrated — The Numbers
  • (36:11) - North Korean Farmers Arrested
  • (40:23) - SOC Playbook – Deepfake Dashboard
  • (40:53) - 12 Best AI Deepfake Detector Tools
  • (41:54) - Detecting VOIP Numbers & Identity
  • (43:01) - SOC Telemetry
  • (45:17) - Hiring Flags
  • (46:08) - HR – Hiring Tips
  • (48:24) - Human Risk – AI First Ready Security Team
  • (50:26) - Wrap Up and Q&A
  • (54:39) - James' Survey QR Code

Credits
Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

← All episodes of Antisyphon Training Anticasts