Security News > 2022 > May > U.S. warns of North Korean hackers posing as IT freelancers

North Korean IT workers are taking advantage of the worldwide shortage of skilled individuals - as well as remote working become a logical option for these types of jobs in the current post-pandemic world - to apply for software development and other IT jobs with companies around the world.

"Although DPRK IT workers normally engage in non-malicious IT work, such as the development of a virtual currency exchange or a website, they have used the privileged access gained as contractors to enable DPRK's malicious cyber intrusions," the federal agencies have noted.

"Some overseas-based DPRK IT workers have provided logistical support to DPRK-based malicious cyber actors, although the IT workers are unlikely to be involved in malicious cyber activities themselves. DPRK IT workers may share access to virtual infrastructure, facilitate sales of data stolen by DPRK cyber actors, or assist with the DPRK's money- laundering and virtual currency transfers."

DPRK IT workers way present themselves as U.S.-based and/or non-North Korean teleworkers, and may further obfuscate their identities or location by sub-contracting work to non-North Koreans, the federal agencies explained, and pointed out that these IT workers may be located in North Korea, but also in in the People's Republic of China, Russia, Africa and Southeast Asia.

The agencies have delineated these workers' skills and the platforms they use to contact organizations, snag job contracts, and receive digital payments.

The guidance documents contains "Red flags" that companies employing freelance developers and freelance work and payment platform companies should be aware of, as well as mitigation measures they can take to suss these workers.

News URL

https://www.helpnetsecurity.com/2022/05/18/north-korean-it/