US warns against involuntary hiring of North Korean IT workers

brooke.crothers
Tue, 17/05/2022 – 18:43

Connection to WMDs and missile programs

The notice says North Korean IT professionals are exploiting the demand for IT skills to secure freelance contracts in North America, Europe and East Asia. And in many cases, workers circumvent hiring restrictions by posing as U.S.-based or non-North Korean telecommuters — or hide their identities and locations by outsourcing work to non-North Koreans.

They target opportunities in a wide range of specialties, including mobile applications, mobile games, creation of platforms for exchanging virtual currencies and digital coins, motion graphics, applications related to artificial intelligence, hardware and firmware development, and database development and management.

The “vast majority of them are subordinate to and work for entities directly involved in the DPRK’s WMD and ballistic missile programs, as well as its advanced conventional arms development and trade sectors.” “This translates into revenue… used by the DPRK to develop its WMD and ballistic programs, in violation of US and UN sanctions,” the notice said.

“Although DPRK computer scientists normally engage in non-malicious computer work, such as developing a virtual currency exchange or a website, they used the privileged access obtained as sub-contractors to enable malicious cyber intrusions from the DPRK. Some overseas-based DPRK IT personnel have provided logistical support to DPRK-based malicious cyber actors, although it is unlikely that the IT personnel themselves were involved in malicious cyber activities. DPRK IT personnel may share access to virtual infrastructure, facilitate the sale of data stolen by DPRK cyber actors, or assist in money laundering and DPRK virtual currency transfers.”

—Guidance on the Democratic People’s Republic of Korea Information Technology Workers, Joint Advisory of the US Department of State, the US Department of the Treasury, and the FBI, May 16, 2022

Cybercrime is how North Korea makes money

“Our recent research shows that cybercrime has become one of the main means of generating revenue in North Korea,” said Kevin Bocek, vice president, Ecosystem & Threat Intelligence at Venafi, adding that Advanced Persistent Threat (APT) groups help North Korea circumvent international sanctions.

“It is estimated that up to $2 billion goes directly into North Korea’s weapons program each year as a result of nation-state cybercrime,” Bocek said.

The method: target freelance IT developer contracts

North Korean IT teams operating overseas typically get freelance jobs through online platforms, where companies advertise contracts for freelance IT developers. Moreover, in some cases, these rogue IT teams find local non-DPRK nationals to serve as nominal heads of companies that are in fact controlled by North Koreans, according to the notice.

These IT people also use virtual currency exchanges and trading platforms to manage digital payments they receive for contract work as well as for laundering and moving funds.

The way: hiding identities

“DPRK IT workers deliberately conceal their identity, location and nationality online, often using non-Korean names as aliases,” the notice said. They use virtual private networks (VPNs), virtual private servers (VPS) or third-party IP addresses to conceal their location and reduce the likelihood of scrutiny of their location or connections in the DPRK, according to the notice.

Workers will also exploit the anonymity of telecommuting and use proxies for creating and maintaining accounts. They favor the use of text chat communications over video calls.
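The concealment methods described above leave traces in contractor access logs. The following is an added example, not code from the advisory or from Venafi, that reviews sessions for three indicators: a source address in a hosting or VPN range, an observed country that differs from the declared one, and one address shared by several accounts. The account names, the session records, the use of RFC 5737 documentation ranges as a stand-in for a hosting-provider feed, and the shared-address indicator itself are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. The CIDR blocks are RFC 5737 documentation ranges
# standing in for a real hosting/VPN provider feed (an assumption).
HOSTING_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Declared work location per contractor account (constructed).
DECLARED_COUNTRY = {"dev-anna": "US", "dev-brian": "US", "dev-chen": "CA"}

# Constructed session log: (account, source IP, GeoIP country resolved upstream).
SESSIONS = [
    ("dev-anna", "192.0.2.10", "US"),
    ("dev-anna", "192.0.2.11", "US"),
    ("dev-brian", "198.51.100.7", "US"),
    ("dev-brian", "203.0.113.40", "NL"),
    ("dev-chen", "203.0.113.40", "NL"),
]

def review_sessions(sessions, declared, hosting_ranges):
    """Return {account: sorted indicator names} for accounts that need review."""
    findings = defaultdict(set)
    accounts_by_ip = defaultdict(set)
    for account, ip_text, country in sessions:
        ip = ipaddress.ip_address(ip_text)
        accounts_by_ip[ip].add(account)
        # VPN/VPS egress: the source address sits in a hosting provider range.
        if any(ip in net for net in hosting_ranges):
            findings[account].add("hosting_or_vpn_ip")
        # Observed location disagrees with what the contractor declared.
        if country != declared.get(account):
            findings[account].add("country_mismatch")
    # Shared or third-party infrastructure: one address used by several accounts.
    for ip, accounts in accounts_by_ip.items():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].add("ip_shared_across_accounts")
    return {account: sorted(names) for account, names in findings.items()}

if __name__ == "__main__":
    results = review_sessions(SESSIONS, DECLARED_COUNTRY, HOSTING_RANGES)
    for account, indicators in sorted(results.items()):
        print(account, indicators)
```

Any single indicator is weak on its own, since legitimate contractors also use VPNs; the output is a review queue for the hiring or vendor-management team, not a verdict.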

Venafi’s opinion: be proactive

“Defending against North Korean nation-state actors is difficult, especially when these threats now come from both external and internal organizations,” Bocek said. “Organizations must now be proactive, not reactive, in their security defenses. It is clear that recruitment processes must be robust to prevent the hiring of a dishonest freelancer,” he said.

Bocek continued: “At the end of the day, it’s unclear what these dishonest freelancers are after. Targets that come to mind are data theft or potentially funds, but we’ve seen in the past that North Korean APT groups have used stolen code-signing identities in devastating nation-state attacks. The problem is that there is currently not enough awareness and security around the importance of machine identities. This lack of focus allows North Korean cybercriminals to take advantage of a serious blind spot in software supply chain attacks.”

For organizations looking to protect against the impact these threat actors could have if armed with stolen code-signing certificates, machine identity management remains the best defense.

“Companies need to have visibility into their environments to spot changes and react quickly, both from a human and machine identity perspective. Without effective management of machines and humans, we will continue to see APT groups thrive, and high-profile nation-state attacks will continue to affect business and government. Automating machine identity management can help take this element of security out of the hands of already overstretched security teams.”
