North Korean Hackers Deceive US Companies by Posing as IT Freelancers, FBI Warns
In a recent warning, the FBI has revealed that North Korean hackers have been using various techniques, including VPN services, stolen identification documents, and fake social media accounts, to deceive US companies into hiring them as remote IT workers. It is estimated that over the past five years, thousands of IT freelancers from North Korea have successfully concealed their identities to secure jobs in US firms. The funds earned through these jobs are believed to finance Kim Jong Un’s weapons programs, and the workers are also believed to steal company secrets and spread malware.
Recognizing the severity of the issue, both US and South Korean authorities have updated their guidelines to help employers avoid unwittingly hiring North Korean agents as freelance workers.
Jay Greenberg, FBI agent in charge of the St. Louis Division, stated, “North Korea has flooded the global marketplace with ill-intentioned information technology workers.” The FBI’s St. Louis Division has taken action against the hackers, seizing approximately $1.5 million and 17 web domain names associated with the deceptive campaign. However, it is suspected that workers associated with the Democratic People’s Republic of Korea (DPRK) are still infiltrating companies.
To deceive employers and conceal their real identities, malicious North Korean IT workers have employed various tactics. They have used stolen or counterfeit identity documents to pass online identity checks. Additionally, it has been discovered that hackers have paid individuals in the US to attend online interviews and video conferences on their behalf. Moreover, they utilize virtual private networks (VPNs) to mask their IP addresses and enhance their anonymity. They also create fake social media accounts and company websites to appear more legitimate.
In light of these revelations, the FBI has provided new guidance to employers. It recommends vigilance in identifying suspicious behaviors, such as repeated requests for prepayment accompanied by threats to release proprietary source code, refusal to appear on camera or take drug tests, and the use of ever-changing freight addresses instead of home addresses. Additionally, the FBI advises conducting online background checks to ensure the same identity is not associated with multiple profiles, and keeping records of all interactions with potential employees.
From a cybersecurity perspective, employers should require their freelancers to disable private VPNs when accessing company networks. It is further advised to implement a strict zero-trust cybersecurity approach, limiting access to sensitive proprietary information for remote workers whenever possible.
It is important to note that the tech sector is not the only industry targeted by North Korean hackers. John Hultquist, the head of threat intelligence at cybersecurity firm Mandiant, emphasized that hackers operate across various fields.
Jay Greenberg emphasized the significance of due diligence, stating, “Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited inside their systems.” It is crucial for employers to remain vigilant and take proactive steps to safeguard their businesses from these deceptive practices.