'Don't accidentally hire a North Korean hacker,' the FBI warns

On May 16, 2022, the United States Department of the Treasury, the Department of State, and the Federal Bureau of Investigation (FBI) jointly recommended precautions when hiring North Korean IT workers. The FBI and others have warned that IT workers who are trying to contribute to North Korea's weapons of mass destruction are working in various countries by pretending to be their identity.

(PDF file)


Don't accidentally hire a North Korean hacker, FBI warns | North Korea | The Guardian

According to the recommendations of FBI et al., North Korea has sent thousands of highly skilled IT workers around the world to earn income that contributes to weapons of mass destruction and ballistic missile programs, contrary to US and UN sanctions. It is said that it is dispatched. FBI and colleagues warn that these IT workers are leveraging specific IT skills such as software and mobile application development to win freelance contracts from clients around the world, including North America, Europe and East Asia.

In Japan as well, it has become clear that North Korean workers living in China used the name of an acquaintance living in Japan to undertake the development of Japanese smartphone apps.

[Original] North Korean engineer develops Japanese smartphone app ... Undertakes 7 operations such as local government disaster prevention app: Yomiuri Shimbun Online

As in the case of Japan, North Korean IT workers work by pretending to be their identity, and FBI et al. 'In many cases, North Korean IT workers pretend to be teleworkers living in the United States, South Korea, and Japan. 'In addition, we may mediate people other than North Korea and hide their identities and whereabouts.'

The work undertaken by these workers is wide-ranging, such as application development, animation / game production, virtual currency related and artificial intelligence development, database construction, etc., and it is said that it may earn more than 3 million dollars (about 380 million yen) annually. That. Many North Korean IT workers can earn more than 10 times more income by working abroad, but because they are under the supervision of North Korean government security personnel, up to 90% of their wages. It is said that it has been collected.

In addition to earning wages, workers can use the privileged access rights they have gained as contract employees to enable malicious cyber intrusion into North Korea and support North Korea's money laundering. , It is said that it may be trying to provide logistical support to North Korea.

FBI et al. Said that these workers may be working with fake IDs and resumes, and as a sign of fraud, 'logging to the same account multiple times from different IP addresses in a relatively short period of time.' Calling attention to these, such as 'Inconsistent profile' and 'Frequent use of document templates in bidding documents and projects, and the same template being used by different developer accounts'. ..

In addition, as a countermeasure on the employer side, 'conduct a video interview to confirm the identity', 'use the port check function regularly to check if it is connected by VPN or VPS', 'illegal small transaction' Be wary of. '

in Security, Posted by log1p_kr