For more than a decade, North Korean hackers and digital fraudsters have been on a rampage, stealing hundreds of millions of dollars to raise funds for the Hermit Kingdom and often leaving chaos in their wake. But while the United States and other governments have regularly exposed North Korea’s digital espionage operations and issued indictments against its hackers, charges of fraudulent theft and profiteering have proven more difficult. North Korea has been under extensive sanctions from the US and other governments for years, but efforts to tackle the regime’s financial crimes have faced obstacles.
Last week, the U.S. Treasury, State Department and Federal Bureau of Investigation issued a joint 16-page warning telling businesses to beware of a specific scam in which North Korean IT workers apply for freelance contracts, often with wealthy North American, European and East Asian companies, to generate revenue for their country. The workers pose as IT workers of other nationalities, presenting themselves as remote workers from South Korea, China, Japan, Eastern Europe or the US. The report notes that there are thousands of North Korean IT workers who take such contracts. Some carry out their work from North Korea itself, and others operate abroad, mainly outside of China and Russia, with small contingents in Southeast Asia and Africa. In some cases, the North Korean fraudsters themselves subcontract with other, more legitimate workers to boost their credibility.
“DPRK IT workers can individually earn more than USD 300,000 per year in some cases, and teams of IT workers can collectively earn more than USD 3 million per year,” the warning states. “DPRK IT workers provide a critical revenue stream that helps fund the DPRK regime’s highest economic and security priorities, such as its weapons development program.”
When American businesses unknowingly contract with North Koreans, they violate government sanctions and face legal risk. But the fraud is difficult to tackle because the workers typically do perform the tasks they are paid for. Without vigilance, businesses may not know something shady is going on.
The warning emphasized that while businesses need to be aware of the issue in order to comply with sanctions, North Korean IT contractors also sometimes use their access to install malware and facilitate espionage and intellectual property theft.
“There are a lot of cases where we see North Korean actors interviewing for jobs and using that to try to ultimately deploy malware or get into an environment,” said Adam Meyers, senior vice president of intelligence at cybersecurity firm CrowdStrike. “The reason this is important is because a lot of people don’t think about this threat or write it off as, ‘Oh, North Korea, they’re crazy. They are not complicated.’ And if you talk to an actual person, it doesn’t seem like there would be a cyber threat in this, but these are human-enabled operations that the North Koreans have become very good at, so raising awareness of this issue is really important.”