Organizations should exercise caution when employing remote IT staff because they may end up hiring North Korean tech workers posing as non-nationals secretly working for Kim Jong-un’s regime, according to a joint advisory issued by the US Department of State, the Department of the Treasury, and the Federal Bureau of Investigation.
Officials warn that the Democratic People’s Republic of Korea (DPRK) dispatches thousands of highly skilled IT workers around the world to generate revenue for the country's government, including its military programs and cyber operations.
“These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and East Asia. In many cases, DPRK IT workers represent themselves as U.S.-based and/or non-North Korean teleworkers. The workers may further obfuscate their identities and/or location by sub-contracting work to non-North Koreans,” the agencies said.
While North Korean IT workers do not normally engage in malicious cyber activities, they have been known to take advantage of their privileged access as contractors to enable the DPRK’s malicious cyber intrusions.
The advisory also provides red flag indicators for organizations hiring freelance developers to identify DPRK IT workers, as well as general mitigation measures for companies to better protect against inadvertently hiring or facilitating the operations of DPRK IT workers.