US officials warn against inadvertently hiring ‘rogue freelancers’ from North Korea


The United States has issued a warning against hiring tech freelancers from North Korea and asked companies to be more careful, saying the money they make is being taken by Pyongyang.

Several North Koreans were taking advantage of remote work opportunities from Western countries, including the United States, and hiding their association with North Korea to earn money for their government, according to a notice issued Monday by the Departments of Health. and Treasury and the Federal Bureau of Investigation. (FBI).

The statement said the effort was aimed at circumventing US and UN sanctions against North Korea and ‘abusing the entire ecosystem of freelance work platforms’ to cash in on Pyongyang’s efforts to bolster its programs. nuclear weapons and ballistic missiles.

“There are thousands of DPRK IT workers both sent overseas and based in the DPRK, generating revenue that is donated to the North Korean government,” the notice said, referring to North Korea. by its official name, the Democratic People’s Republic of Korea.

“These IT professionals are taking advantage of existing demands for specific IT skills, such as software and mobile application development, to secure freelance work contracts with clients around the world, including North America, Europe and South Asia. the East,” he added.

The notice warned against many North Korean workers claiming to be from South Korea, Japan or other Asian countries.

He laid out a series of red flags for employers to watch out for, including multiple logins to a single account from different IP addresses, refusal to participate in video calls and demands for virtual currency payments.

US officials said the North Koreans were primarily based in China and Russia, with smaller numbers operating in Africa and Southeast Asia. Much of the money they earned is taken by the North Korean government, according to the notice.

He asked companies to “check documents” and “examine identity verification documents closely”, among other measures to avoid hiring North Koreans.

According to experts, while it’s not always clear what these “rogue freelancers are after,” data theft and theft of funds are usually the main motivations.

“Defending against North Korean nation-state actors is difficult, especially when these threats now come from both outside and inside organizations,” said Kevin Bocek, vice president of security strategy and threat intelligence at cybersecurity company Venafi.

“They are often well-funded, very sophisticated and, as we see with this warning from the FBI, able to think outside the box to find new ways to attack networks,” Boceck said.

Officials said companies that hire and pay these workers could face legal consequences if they violate the sanctions.

“There are many risks associated with hiring or supporting the activities of DPRK IT professionals, ranging from theft of intellectual property, data and funds, to reputational damage and legal consequences, including sanctions imposed by US and UN authorities,” he said.

Additional reports by agencies


Comments are closed.