Freelance Market Flooded with North Korean IT Actors

Freelance Market Flooded with North Korean IT Actors

October 24, 2023 at 08:27AM

US organizations hiring freelance and temporary IT workers should be cautious of individuals working on behalf of North Korea. The country has flooded the freelance market with skilled IT workers who secretly direct their earnings to the nation’s nuclear weapons program. The US Department of Justice recently seized domains and revenue associated with the scam. Organizations should be vigilant in verifying the identity of workers and be aware of red flags, such as multiple logins from different IP addresses and payment requests in cryptocurrencies. Detecting fake identities can be challenging.

Key Takeaways from Meeting Notes:

– US organizations hiring freelance and temporary IT workers should be cautious about individuals working on behalf of the North Korean government.
– North Korean IT workers have flooded the freelance market, residing primarily in Russia and China, and directing their earnings to the country’s nuclear weapons program.
– The US Department of Justice recently seized 17 domains and $1.7 million in revenues associated with this scam.
– The seized websites appeared to belong to legitimate US-based IT services companies but were actually operated by North Korean IT workers affiliated with Yanbian Silverstar Network Technology Co. Ltd (China-based) and Volasys Silver Star (Russian-based).
– These workers use various mechanisms, such as pseudonymous email accounts and false websites, to hide their true identities and locations when applying for freelance work.
– Each year, these North Korean IT workers generate millions of dollars for entities linked to North Korea’s Ministry of Defense and WMD programs.
– The DOJ has previously warned US organizations about this scam and provided guidance for identifying potential North Korean operatives, including red flags like multiple logins from different IP addresses, frequent money transfers, and requests for payment in cryptocurrencies.
– Updated advice for spotting potential North Korean IT workers includes identifying inconsistencies, an unwillingness to appear on camera, signs of cheating during coding tests or interviews, repeated requests for prepayment, and threats to release source code.
– To minimize risk, organizations should request background check documentation from third-party staffing firms, conduct due-diligence checks on individuals provided by such firms, and avoid accepting background checks from unknown sources.
– Detecting fake identities linked to state-sponsored actors can be challenging using standard background checks.

Full Article