US Government Says North Korean IT Workers Enable DPRK Hacking Operations

The US government has warned companies that some of their IT workers may be from North Korea, and these individuals could be aiding their country’s hacking operations.

According to an unclassified advisory from the Department of State, Department of the Treasury, and the FBI, IT workers from the Democratic People’s Republic of Korea (DPRK) are posing as non-North Korean nationals in an effort to gain employment that they would otherwise not be able to obtain due to current sanctions.

The government has warned that thousands of highly skilled IT workers are being dispatched around the world to obtain money that can fund the North Korean regime, including its military programs.

These rogue workers can earn more than $300,000 per year for developing mobile and web applications, building digital currency exchange platforms, providing IT support, developing hardware and firmware, and creating and managing databases. They can be involved in the development of graphic animation, online gambling platforms, dating apps, AI, virtual reality platforms, and biometric recognition software.

The US government noted that while North Korean IT workers typically do not engage in malicious cyber activities, they have been known to leverage their privileged access to enable cyber intrusions.

“Some overseas-based DPRK IT workers have provided logistical support to DPRK-based malicious cyber actors, although the IT workers are unlikely to be involved in malicious cyber activities themselves,” the unclassified advisory reads. “DPRK IT workers may share access to virtual infrastructure, facilitate sales of data stolen by DPRK cyber actors, or assist with the DPRK’s money-laundering and virtual currency transfers.”

Malicious cyber activities have helped North Korea make billions of dollars and the US is prepared to offer up to $5 million for information about the country’s illegal activities in cyberspace.

“Defending against North Korean nation-state actors is difficult, particularly when these threats are now coming from both outside and inside organizations,” said Kevin Bocek, VP of security strategy and threat intelligence at Venafi. “They are often well funded, highly sophisticated, and – as we’re seeing with this FBI warning – capable of thinking outside the box to find new ways to attack networks, as we’re now seeing with rogue freelancers hacking from within.”

“Organizations must now be proactive, not reactive in their security defenses. It’s clear that recruitment processes have to be robust to prevent hiring a rogue freelancer,” Bocek added.

One of the most significant sources of income for North Korea continues to be cyberattacks targeting blockchain and cryptocurrency organizations. The US recently blamed DPRK for the $600 million Ronin Validator cryptocurrency heist, which authorities believe was conducted by the notorious Lazarus Group.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.