US warns of North Korean hackers posing as IT freelancers
Companies and other organizations should be careful when employing IT freelancers, lest they end up hiring North Korean hackers.
The advice comes from the US Department of State, the US Department of the Treasury, and the Federal Bureau of Investigation, who warned that “there are reputational risks and the potential for legal consequences, including sanctions designation under US and United Nations (UN) authorities, for individuals and entities engaged in or supporting DPRK IT worker-related activity and processing related financial transactions.”
Precedents backing up the warning
North Korean IT workers are taking advantage of the worldwide shortage of skilled individuals – as well as remote working becoming a logical option for these types of jobs in the current post-pandemic world – to apply for software development and other IT jobs with companies around the world.
Some organizations have warned about the practice already, and described their dealings with suspected North Korean hackers even before the official alert from US federal agencies:
No bullshit I think I just interviewed a North Korean hacker.
Terrifying, hilarious, and a reminder to be paranoid and triple-check your OpSec practices.
Here's how it went:
— jonwu.aztec (@jonwu_) April 29, 2022
We just had a 🇰🇵 North Korean scammer/hacker apply as a tech contributor for @vita_dao yesterday.
The whole thing felt very surreal:
— schmackofant.eth (@schmackofant) May 17, 2022
“Although DPRK IT workers normally engage in non-malicious IT work, such as the development of a virtual currency exchange or a website, they have used the privileged access gained as contractors to enable DPRK’s malicious cyber intrusions,” the federal agencies have noted.
“Some overseas-based DPRK IT workers have provided logistical support to DPRK-based malicious cyber actors, although the IT workers are unlikely to be involved in malicious cyber activities themselves. DPRK IT workers may share access to virtual infrastructure, facilitate sales of data stolen by DPRK cyber actors, or assist with the DPRK’s money-laundering and virtual currency transfers.”
Things to watch out for
DPRK IT workers may present themselves as US-based and/or non-North Korean teleworkers, and may further obfuscate their identities or location by sub-contracting work to non-North Koreans, the federal agencies explained, and pointed out that these IT workers may be located in North Korea, but also in the People’s Republic of China (PRC), Russia, Africa and Southeast Asia.
The agencies have delineated these workers’ skills and the platforms they use to contact organizations, snag job contracts, and receive digital payments. They’ve also outlined how these workers go about hiding their identity from job providers.
The guidance document contains “red flags” that companies employing freelance developers and freelance work and payment platform companies should be aware of, as well as mitigation measures they can take to suss out these workers.