North Korean Hackers Deceive US Companies through Fake IT Jobs, FBI Warns

North Korean hackers have been employing various methods, including VPN services, stolen identification documents, and fake social media accounts, to trick US companies into hiring them as remote IT workers, according to a warning issued by the FBI. It is estimated that over the past five years, thousands of North Korean freelancers have successfully concealed their identities to secure jobs in American firms. These individuals are believed to be funneling their earnings into Kim Jong Un’s weapons programs while also stealing sensitive information and spreading malware.

In response to the evidence, authorities from the United States and South Korea have updated their guidelines to help employers avoid unwittingly hiring North Korean agents as freelance workers.

Jay Greenberg, an FBI agent in charge of the St. Louis Division, stated, “North Korea has flooded the global marketplace with ill-intentioned information technology workers.” As part of efforts to combat these activities, Greenberg’s division has seized approximately $1.5 million and 17 web domain names used in the deceptive campaign. However, it is suspected that infiltration by workers linked to the Democratic People’s Republic of Korea (DPRK) is still ongoing.

The deceptive tactics employed by malicious North Korean IT workers involve the use of stolen or counterfeit identity documents to pass online checks. They have even paid US individuals to attend online interviews and video conferences on their behalf. Additionally, these hackers utilize virtual private networks (VPNs) to conceal their IP addresses and enhance their anonymity. They may also create fake social media accounts and company websites to appear more legitimate.

Greenberg emphasized the importance of companies taking proactive steps to make it harder for bad actors to hide their identities. The FBI recommends watching for suspicious behaviors, such as repeated requests for prepayment accompanied by threats, refusal to appear on camera or take drug tests, and changing addresses. Employers are also encouraged to conduct online background checks and keep records of interactions with potential employees.

In terms of online security, companies should require freelancers to turn off private VPNs when accessing company networks. Implementing a strict zero-trust cybersecurity approach, which limits access to proprietary information for remote workers, is also advised. It is worth noting that the tech sector is not the only target for North Korean hackers, as they operate across various fields.

Greenberg warned, “Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited inside their systems.”