North Korean IT workers seeking employment in Western tech companies are resorting to elaborate strategies and tactics to secure jobs, according to cybersecurity researchers. These individuals use fake names, counterfeit work papers, sham LinkedIn profiles, and scripted interview responses to convince hiring managers. This clandestine effort by North Korea aims to generate foreign currency to fund the country’s nuclear missile program.
The researchers at Palo Alto Networks (PANW.O), a leading U.S. cybersecurity firm, uncovered a series of documents detailing the operations of North Korea’s remote IT workforce. These documents include fraudulent resumes, forged online profiles, interview notes, and fake identities used by North Korean IT workers to apply for software development jobs abroad. Leaked darkweb data further revealed the tools and techniques employed by these workers to secure employment opportunities in various countries.
North Korea has been dispatching thousands of IT workers overseas in recent years, significantly accelerating this initiative. The United States, South Korea, and the United Nations have all cautioned that the funds generated by these IT workers are channeled into financing Pyongyang’s nuclear missile program.
To ensure the success of this scheme, North Korean authorities have not only developed intricate scripts and documentation but have also utilized tactics to justify the need for remote work. These include citing personal family emergencies, such as COVID-19 cases, as reasons for working remotely.
The financial disparity between remote IT work and other manual labor jobs abroad is substantial. According to the U.S. Justice Department, remote IT workers can earn more than ten times what a conventional North Korean laborer earns. In fact, teams of remote IT workers collectively bring in over $3 million per year. However, the exact amount generated by this scheme remains unknown.
A former North Korean IT worker, who wished to remain anonymous, confirmed the authenticity of the discovered documents and shared insights into the strategies employed. These techniques involved creating multiple fake profiles until securing a job, and even creating secondary fake profiles after being hired. The risks associated with this scheme extend beyond the financial gains, as these privileged workers are exposed to the realities of the outside world, making them aware of their country’s enforced backwardness.
Last year, the U.S. government reported that most North Korean IT workers were based in China and Russia, with some located in Africa and Southeast Asia. Earnings can reach up to $300,000 per year, with a significant portion repatriated to Pyongyang, expenses deducted, and the remainder pocketed by the workers. It is estimated that approximately 3,000 North Korean IT workers are deployed overseas, with another 1,000 working within North Korea.
The discovered documents also hint at potential links between North Korean IT workers and the country’s hackers. While the defector stated that espionage missions are reserved for a select few, the Department of Justice and FBI have warned that these workers may exploit their access to carry out hacking activities. Some leaked resumes even revealed experience in the cryptocurrency sector, an industry that has long been targeted by North Korean hackers.
In their endeavor to secure employment, North Korean IT workers have also resorted to creating fake identities, as revealed by data from Constella Intelligence. The data showed that one worker had accounts on over 20 freelancing websites across multiple countries. Additionally, evidence was found of workers purchasing access to legitimate online profiles to enhance their credibility.
The revelations about the strategies and tactics employed by North Korean IT workers shed light on the elaborate measures taken to maintain a remote workforce generating vital foreign currency for the cash-strapped regime. These findings serve as a reminder of the complexities and challenges faced by hiring managers in identifying and verifying the authenticity of job candidates, particularly in the realm of remote work.
Frequently Asked Questions
1. What strategies do North Korean IT workers use to secure jobs?
North Korean IT workers employ a range of strategies, including using fake names, counterfeit work papers, sham LinkedIn profiles, and scripted interview responses, to convince hiring managers of their credibility and suitability for employment.
2. Why do North Korean IT workers resort to such measures?
These measures are part of an elaborate scheme by North Korean authorities to generate foreign currency for the country’s nuclear missile program.
3. How much can North Korean IT workers earn through remote employment?
Remote IT workers can earn significantly more than conventional North Korean laborers, with some individuals earning up to $300,000 per year.
4. How do North Korean IT workers justify the need for remote work?
To justify remote work arrangements, North Korean IT workers may cite personal family emergencies, such as COVID-19 cases, as reasons for working remotely.
5. Are there risks associated with this scheme for North Korean IT workers?
Yes, there are risks. These workers are exposed to the realities of the outside world, which contrasts with the enforced backwardness of their country. This exposure can pose a risk to the North Korean government.
Sources:
– Palo Alto Networks: [https://www.paloaltonetworks.com]
– U.S. Justice Department: [https://www.justice.gov]
– Constella Intelligence: [https://www.constellaintelligence.com]