US Warns Against Hiring North Korean Hackers

The US administration and law enforcement have warned companies to be wary of inadvertently hiring North Korean IT workers as remote staff.

Skilled North Korean staff are pretending to come from other parts of Asia in order to gain high-paid tech jobs with the purpose of funding their country’s weapons programmes, the state and treasury departments and the FBI said.

The warning comes amidst a hiring crunch – particularly in tech jobs – that is pushing companies  to find ways of filling positions, such as by increasing wages or offering remote working.

The North Korean effort is a way of evading US and UN sanctions on the country’s nuclear weapons and ballistic missile programmes, the US advisory said.

Illicit funds

“There are thousands of DPRK IT workers both dispatched overseas and located within the DPRK, generating revenue that is remitted back to the North Korean government,” it said.

“These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and east Asia.”

The workers pretend to be from countries such as South Korea, Japan or other parts of Asia, the advisory said.

It urged employers to be wary of “red flags”, such as a refusal to participate in video calls or requests to receive pay in virtual currency.

The workers “may steal the customer account information of US or international banks to verify their identities with freelance platforms, payment providers, and companies employing” contract workers, the agencies said.

Legal risk

The North Koreans are mostly based in China and Russia, with smaller numbers in Africa or south-east Asia.

The job-seeking is mainly aimed at accessing foreign currencies or virtual currency exchanges, but some of the North Korean workers may also aid their government’s hacking operations.

“Although DPRK IT workers normally engage in IT work distinct from malicious cyber activity, they have used the privileged access gained as contractors to enable the DPRK’s malicious cyber intrusions,” the agencies said.

They warned employers hiring North Korean workers could face legal penalties for evading sanctions.

A UN study from February found that North Korean cyber-attackers stole more than $50 million (£37m) of digital assets such as cryptocurrencies between 2020 and mid-2021 to help fund weapons programmes.