19 May 2022

US warns against accidentally hiring North Korean hackers posing as tech workers


Organizations should exercise caution when employing remote IT staff because they may end up hiring North Korean tech workers posing as non-nationals secretly working for Kim Jong-un’s regime, according to a joint advisory issued by the US Department of State, the Department of the Treasury, and the Federal Bureau of Investigation.

Officials warn that the Democratic People’s Republic of Korea (DPRK) dispatches thousands of highly skilled IT workers around the world to generate revenue for the country's government, including its military programs and cyber operations.

“These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and East Asia. In many cases, DPRK IT workers represent themselves as U.S.-based and/or non-North Korean teleworkers. The workers may further obfuscate their identities and/or location by sub-contracting work to non-North Koreans,” the agencies said.

While North Korean IT workers do not normally engage in malicious cyber activities, they have been known to take advantage of their privileged access as contractors to enable the DPRK’s malicious cyber intrusions.

The advisory also provides red flag indicators for organizations hiring freelance developers to identify DPRK IT workers, as well as general mitigation measures for companies to better protect against inadvertently hiring or facilitating the operations of DPRK IT workers.
