For more than a decade, North Korean hackers and digital scam artists have run wild, pilfering hundreds of millions of dollars to raise funds for the Hermit Kingdom and often leaving chaos in their wake. While the United States and other governments frequently call out North Korea's digital espionage operations and issue indictments against their hackers, it has proved more difficult to bring charges for rogue theft and profiteering. Efforts to address the regime's financial crimes have met with obstacles, despite the fact that North Korea has been under extensive sanctions by the US and other governments for years.
Last week, the US Treasury, State Department, and Federal Bureau of Investigation issued a 16-page alert warning businesses to guard against a particular scam in which North Korean IT workers apply for free contracts with wealthy North American, European, and East Asian firms. The workers pretend to be remote workers from South Korea, China, Japan, Eastern Europe, or the US. Thousands of North Korean IT workers are taking on such contracts. Some work from North Korea, others from other countries, with small contingents in Southeast Asia and Africa. In some cases, the North Korean scam artists sub-contract with other legitimate workers to enhance their credibility.
In some cases,DPRK IT workers can earn more than 300,000 a year, and teams of IT workers can earn more than 3 million a year.
US businesses that contract with North Koreans are violating government sanctions. Workers typically complete assignments to earn their compensation, so it's difficult to deal with the scam. Without vigilance, businesses could be unaware of shady activity.
While businesses need to be aware of the issue so they can comply with sanctions, North Korean IT contractors also sometimes use their access to plant malware and facilitate espionage and intellectual property theft.
There have been a lot of cases where North Korean actors have been interviewing for jobs and trying to get into an environment. If you're talking to an actual person, it feels like there's not going to be a cyber threat, but these are human-enabled operations that the North Koreans have gotten.
The alert notes that the North Korean IT workers have developed software, websites, and other platforms for a variety of sectors, including health and fitness, social networking, sports, entertainment, and lifestyle. The workers have the skills to do IT support and database management, build mobile and web apps, work in artificial intelligence and virtual reality or augmented reality, and work on facial recognition and biometrics.