FBI warns that thousands of North Koreans are working as remote workers in other countries under false identities, with wages sent to North Korea for missile program



Thousands of information technology workers who signed contracts with American and other foreign companies secretly sent millions of dollars (hundreds of millions of yen) in annual wages to North Korea to fund its ballistic missile program. was revealed through an investigation by the FBI.

Office of Public Affairs | Justice Department Announces Court-Authorized Action to Disrupt Illicit Revenue Generation Efforts of Democratic People's Republic of Korea Information Technology Workers | United States Department of Justice

https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-action-disrupt-illicit-revenue-generation

Additional Guidance on the Democratic People's Republic of Korea Information Technology Workers
https://www.ic3.gov/Media/Y2023/PSA231018

FBI: Thousands of remote IT workers sent wages to North Korea | AP News
https://apnews.com/article/north-korea-weapons-program-it-workers-f3df7c120522b0581db5c0b9682ebc9b

On October 17, 2023, the FBI identified 17 websites used by North Korean IT workers to deceive US and other foreign companies, evade sanctions and provide funds to North Korea. It was announced that 1.5 million dollars (approximately 225 million yen) of funds collected from individuals were confiscated.

These domains are disguised to appear to be legitimate U.S.-based IT services companies, and are used to help workers disguise their identities and addresses when applying for remote work at companies in the U.S. and around the world. It is said that it was.



'The Democratic People's Republic of Korea is flooding global markets with unscrupulous IT workers to indirectly fund its ballistic missile program,' said Special Agent Jay Greenberg of the FBI's St. Louis Division. 'Seizing fraudulent domains like this one is important to prevent companies from unknowingly hiring such malicious companies and potentially harming their business.'

It is unclear when North Korea began sending its own IT engineers to companies in other countries, but in May 2022, the FBI and two other authorities reported that North Koreans 'gained employment by posing as non-North Koreans.' We have issued an advisory warning against ``attempts to do so.'' In it, the authorities pointed out that ``Kim Jong Un's regime is placing emphasis on IT-related education and training.''

Experts also say that North Korea has been using IT freelancers as a source of funding for its weapons development programs for more than a decade, but the spread of remote work due to the coronavirus pandemic has accelerated this trend. doing.

According to court filings, the North Korean government sent thousands of skilled IT workers, mainly to China and Russia, to trick companies in the United States and other countries into working as freelance remote employees. . North Korean workers used a variety of tactics, including paying Americans to use their home Wi-Fi connections and making it appear they were working in the United States.



The FBI, in cooperation with South Korea's Ministry of Foreign Affairs and National Police Agency, has listed the following points as ``red flags indicating the possibility of North Korean IT workers.''

- Dislike or are unable to be seen on camera, such as video interviews or video meetings. When captured on camera, there are discrepancies in time and location, and the appearance is strange.
・Excessive anxiety or inability to undergo drug tests or face-to-face interviews.
・There is evidence of fraud in the coding tests, recruitment questionnaires, and interview responses. Examples include pausing frequently, getting stuck in answers, making movements with the eyes as if reading something, and giving inaccurate but plausible answers.
・The contents of your online profile such as SNS and your resume do not match, different photos are posted on multiple profiles with the same ID, or no photo is posted on your profile.
・The home address used to receive laptops and company materials is the address used for forwarding packages. Or your address suddenly changes when you are hired.
・The educational background on their resumes is from universities in Asian countries such as China, Japan, Singapore, and Malaysia, and most of their employers are in the United States, South Korea, and Canada.
・Repeatedly demands advance payment of salary and becomes angry and aggressive when refused.
-Threatening to release the source code unless additional payment is made.
- Providers for things like bank accounts, freelancer companies, and payment methods may vary or change from time to time.
・Although he likes to use Korean, he claims to be from a country or region other than the Korean speaking area.



'Employers need to be careful about who they hire and who they allow access to their IT systems,' said Saylor A. Fleming, U.S. Attorney for the Eastern District of Missouri. They may be funding weapons programs, having their data stolen by hackers, or becoming the source of future extortion.'

in Security, Posted by log1l_ks