You are currently viewing US warns of North Korean hackers posing as computer freelancers

US warns of North Korean hackers posing as computer freelancers

Companies and other organizations should be careful when employing IT freelancers lest they end up hiring North Korean hackers.

The guidance comes from the US State Department, US Treasury Department and the Federal Bureau of Investigation, which warned that “there are reputational risks and the potential for legal consequences, including the designation of sanctions under of the United States and United Nations (UN) competent authorities, for persons and entities engaged in or supporting activities related to DPRK IT workers and dealing with related financial transactions.”

Precedents supporting the warning

North Korean IT professionals are taking advantage of the global shortage of skilled people β€” as well as remote work that has become a logical option for these types of jobs in today’s post-pandemic world β€” to apply for software development and engineering jobs. other IT jobs with companies around the world. world.

Some organizations have already warned against this practice and described their dealings with suspected North Korean hackers even before the official alert from US federal agencies:

“Although the DPRK’s IT workers normally engage in non-malicious IT work, such as developing a virtual currency exchange or a website, they used the privileged access gained as contractors to enable malicious cyber intrusions from the DPRK,” the federal agencies noted.

“Some overseas-based IT professionals have provided logistical support to DPRK-based malicious cyber actors, although it is unlikely that the IT professionals themselves are involved in malicious cyber activities. DPRK IT professionals may share the access to virtual infrastructure, facilitate the sale of data stolen by DPRK cyber actors, or assist in money laundering and DPRK virtual currency transfers.”

Things to watch out for

DPRK IT workers pose as US-based and/or non-North Korean telecommuters, and may further obscure their identity or location by outsourcing work to non-North Koreans, the agencies said. federal authorities, and pointed out that these IT professionals may be located in North Korea, but also in the People’s Republic of China (PRC), Russia, Africa and Southeast Asia.

Agencies have defined the skills of these workers and the platforms they use to contact organizations, land work contracts and receive digital payments. They also explained how these workers go about hiding their identities from job providers.

The guidance documents contain β€œred flags” that companies employing freelance developers and freelance work and payment platform companies should be aware of, as well as mitigation measures they can take to attract these workers.

Leave a Reply