US government has warned organizations to beware of hackers in the guise of IT freelancers claiming to be non-DPRK (Democratic People’s Republic of Korea) nationals.
According to an advisory issued by the United States State and Treasury Departments and the Federal Bureau of Investigation (FBI), highly skilled mobile app and software developers from North Korea are trying to get employed by posing as IT freelancers.
The advisory stated that the purpose behind this fraudulent activity is to pave the way for cyber intrusions from the North Korean government. The fraudsters hide their identities and location by using VPNs and pose to hail from another country to gain employers’ trust.
Nefarious Objectives of North Korean IT Experts Exposed
The joint advisory published on Monday revealed that the primary objective behind this scam is to generate revenue for the North Korean government to circumvent sanctions and carry out a cyber invasion. The IT experts from North Korea exploit the growing demand for remote work to get freelance employment contracts without revealing their true identities.
The key targets are organizations in the USA, East Asia, and Europe, and most imposters were situated in Russia, China, Africa, and Southeast Asia. This scam indicates North Korea’s realization that IT skills are highly demanded in the abovementioned regions.
What Happens After Employment?
After getting employed, the North Korean hackers generate a ‘critical stream’ of revenue to ensure the North Korean government receives funding for its activities and supports their supreme leader Kim Jong Un.
According to authorities, most of the individuals are working on behalf of entities that were directly hit or were involved in North Korea’s WMD and ballistic missile programs, “as well as its advanced conventional weapons development and trade sectors.” For your information, these programs are prohibited by the UN.
The US government believes North Korean IT workers appear to engage in routine IT work. They use privileged access to fulfill their country’s malicious objectives. The advisory noted that some of these workers provided logistical aid to cybercriminals in North Korea.
Furthermore, they share access to the US firms’ virtual infrastructure and helped sell data stolen by North Korean threat actors. They also assist them in money laundering and virtual money transactions.
The advisory stated that hiring North Korean hackers can have far-reaching consequences as it may lead to legal and reputational losses, such as sanctions imposed under the US and UN authorities.
How to Detect Fraudsters?
The advisory offered guidelines on identifying hackers posing as IT workers by providing potential red flags that should raise concern. Organizations should check the workers’ activities by including multiple logins into an account that uses different IP addresses within a short time. Another strategy would be to check technical configurations linked to the desktop sharing software, router port, and account login frequency.
More North Korean Hackers Topics
- How Bad is the North Korean Cyber Threat?
- US charges 3 North Korean hackers for extorting $1.3+ billion
- Hackers steal personal details of 1,000 North Korean Defectors
- North Korea Hit By Konni and Inexsmar Malware After Missile Tests
- Elite North Koreans aren’t opposed to exploiting internet for financial gain