US Organizations Warned of North Korean IT Workers in Freelance Market
Introduction
The United States Department of Justice (DOJ) has issued a warning to US organizations that hire freelance and temporary IT workers to be cautious of individuals working on behalf of the North Korean government. The Democratic People’s Republic of Korea (DPRK) is utilizing skilled IT workers in Russia and China to generate funds for its nuclear weapons program. These workers are hiding their true identities and locations by using pseudonymous email and social media accounts, false websites, proxy computers, and other mechanisms. The recent seizure of web domains and cash highlights the scale of this operation. US organizations must remain vigilant and verify the identities of the individuals they hire.
The Scam and Seizure
The scam involves North Korean IT workers flooding the global marketplace and applying for remote work with US and other firms worldwide. They have been utilizing 17 domains, which were seized by the DOJ along with approximately $1.7 million in revenues associated with the operation. These domains were believed to belong to legitimate US-based IT services companies but were actually being used by North Korean IT workers associated with Chinese company Yanbian Silverstar Network Technology Co. Ltd and Russian company Volasys Silver Star. The workers used online payment services and Chinese bank accounts to transfer their earnings back to North Korea. The DOJ has revealed that the workers were generating millions of dollars annually, supporting entities such as North Korea’s Ministry of Defense and other agencies involved in the country’s weapons of mass destruction programs.
Previous Warnings and Red Flags
This is not the first warning issued by the DOJ regarding this scam. In May 2022, the US government advised organizations to be cautious of North Korean IT workers using various tools like VPNs, virtual private servers, third-party IP addresses, proxy accounts, and stolen ID documents to pose as workers from other countries. The advisory also provided specific guidance on red flags that organizations should look out for when contracting with freelancers. These red flags included multiple logins from various IP addresses, IP addresses associated with different countries, frequent money transfers through Chinese payment platforms, and requests for payment in cryptocurrencies. Inconsistencies in name spellings, work location, contact information, and educational and work history details across social media profiles, professional websites, and payment profiles were also highlighted. Difficulties in reaching the worker during required business hours or an inability to reach them in a timely fashion were additional warning signs.
Updated Advice for US Organizations
The recent advisory from the DOJ provides updated advice for US organizations to spot potential North Korean IT workers. Some of the new red flags include an unwillingness or inability by the freelancer to participate in video interviews or conferences, inconsistencies in appearance on camera in terms of time of day and location, signs of cheating on coding tests or interviews, repeated requests for prepayment, and threats to release source code if payment is not made. To minimize risk, organizations are encouraged to request background check documentation when using third-party staffing firms, conduct due diligence on individuals provided by third-party firms, and avoid accepting background checks from unknown firms.
Expert Analysis
According to Andrew Barrett, Vice President at Coalfire, managing these types of threats at a corporate level is incredibly challenging and costly. Freelancers and contractors play a significant role in many businesses, leading to the emergence of marketplaces like Fiverr. However, detecting fake identities when dealing with state-sponsored individuals can be extremely difficult using typical background checks.
Conclusion
US organizations must be vigilant and exercise caution when hiring freelance and temporary IT workers to ensure they are not unknowingly supporting North Korea’s nuclear weapons program. The recent seizure of web domains and cash is a clear indication of the scale of this operation. Following the recommended guidelines and red flags provided by the DOJ will help organizations minimize the risk of hiring North Korean IT workers. However, tackling state-sponsored fake identities requires new approaches and increased awareness across industries. Implementing more robust screening processes and collaborating with cybersecurity experts can help organizations protect themselves from falling victim to these scams. Internet security and due diligence should be a priority for organizations, especially when engaging with freelance workers in today’s global digital economy.