US Government Warning: North Korea IT Workers Disguised as Freelance Developers

Let's Talk

In today’s era, cyber-attacks, infiltration into company infrastructures, and numerous other malicious activities are frighteningly common. The US Government’s recent warning is a testament to this.

Last month, the government mentioned how the DPRK (Democratic People’s Republic of Korea) is dispatching various highly skilled IT professionals to work in wealthier nations such as the United States of America. They are hiding their identities to avoid sanctions from the UN or any other country.

There are two main motives behind this. One of them is cyber intrusion by the DPRK, and the other is aiding the regime in manufacturing weapons of mass destruction. In the first case, contractors infiltrate the company, access their infrastructure, and provide the regime with confidential details, which are then used to cause cyber intrusion. 

However, this isn’t their main intent. They earn by selling stolen data, and the money is used to financially sustain the regime’s ventures of developing weapons. So how exactly does this happen?

There are multiple ways in which they go about this. These professionals have been found online and even located in the States. If they work remotely, then they use IP addresses of other regions using VPNs.

They join freelance communities and bidding platforms online, interact with people, and get contracts through them. If they’re located offline, they disguise themselves with fake ID proofs, signatures, and other documents.

Once they get the contracts, they recommend more people who are from DPRK. Usually, they’re disguised as people from China, Japan, South Korea, or some East European countries.

They work across different fields and niches, which include:

  • Mobile and web apps
  • Graphic animation
  • Facial and biometric recognition
  • Gambling programs
  • Database development and management
  • Artificial intelligence

🚩🚩Red Flags 🚩🚩

So to safeguard yourself and your companies, it is best to be vigilant and be on the lookout for a few red flags:

  • Inconsistencies in details and documentation regarding name, spelling, nationality, age, and more.
  • Logging in to one account but with different IP addresses spanning across countries.
  • Positive reviews on freelance platforms from only one or two clients.
  • Templatized versions of documents and contracts.
  • Frequent money transfers that are linked to China or go through different companies.
  • Demand for payment in virtual currency
  • The address for receiving work-oriented documents and parcels is different from the address on the records provided.
  •  Indications of remote desktop or VPN usage.

These are some of the most prominent red flags to look out for. When cybersecurity is so essential, and an attack can occur anytime, you need to be vigilant and be aware of who or what you’re working with.

Experiencing similar challenges?

We'll Eliminate Your Technology Hurdles

At IntermixIT, we approach your business challenges from experience. We deploy best practices in delivering all our IT solutions. We’ll drive your IT success.

Don't Settle for Poor Support from Your Managed IT Service Provider​
We’ll Deliver a Customer Experience that Drives IT Success.

Book Your 13-Minute Consultation