For more than Over a decade, North Korean hackers and digital scammers have been rescued, stealing hundreds of millions of dollars to raise funds for the hermit kingdom and often leaving chaos in their wake. But while the United States and other governments regularly call on North Korea’s digital espionage operations and make accusations against their hackers, it has become more difficult to file charges of rogue theft and speculation. North Korea has been under heavy sanctions by the United States and other governments for years, but efforts to tackle the regime’s financial crimes have been hampered.
Last week, the U.S. Treasury, the State Department and the Federal Bureau of Investigation jointly issued a 16-page alert warning companies to protect themselves from a particular scam in which IT workers North Korea is applying for stand-alone contracts, often with wealthy Americans, Europeans, and East Asian companies: to generate revenue for their country. Workers masquerade as computer workers of other nationalities, masquerading as remote workers from South Korea, China, Japan, Eastern Europe, or the United States. The alert states that there are thousands of computer workers in North Korea taking on these contracts. Some do their work from North Korea itself and others work abroad, mainly in China and Russia, with small contingents in Southeast Asia and Africa. In some cases, North Korean scammers themselves outsource to other more legitimate workers to improve their credibility.
“DPRK IT workers can earn more than $ 300,000 a year individually in some cases, and IT workers’ teams can earn more than $ 3 million a year collectively,” the alert warns. “DPRK IT workers provide a critical stream of revenue that helps fund the DPRK regime’s highest economic and security priorities, such as its arms development program.”
When U.S. companies unknowingly contract with North Koreans, they are violating government sanctions and facing legal risk. But scams are difficult to deal with, as workers often complete tasks to get their compensation. Without surveillance, companies may not be aware that something obscure is happening.
The alert points out that while companies need to be aware of the problem in order to comply with sanctions, North Korean IT contractors also use their access to plant malware and facilitate espionage and theft. intellectual property.
“There have been many cases where we are seeing North Korean actors interviewing each other to work and use it to try to deploy malware or enter an environment,” said Adam Meyers, vice president of intelligence for the cybersecurity firm. CrowdStrike. “The reason this is important is that a lot of people don’t see this threat or write it, ‘Oh, North Korea, they’re crazy.’ They’re not sophisticated. There will be no cyber threat in this, but these are human-enabled operations in which North Koreans have done very well, so raising awareness about this issue is really important. ”
Computer workers in North Korea have extensive training, making detection more difficult, and the alert indicates that they have developed software, websites and other platforms for various sectors, such as health and fitness. social media, sports, entertainment and lifestyle. with cryptocurrency and decentralized financing. Employees have experience in computer support and database management, creating mobile and web applications, developing cryptocurrency platforms, working in artificial intelligence and virtual reality or augmented reality, and developing facial recognition and biometric authentication tools.