- US government warns against hiring North Koreans in IT and crypto jobs online.
- The authorities ask employers to be alerted by red flags like requests to receive payments in virtual currencies.
- A reward of up to $5 million from the US government for reporting illicit DPRK activity in cyberspace.
Three US government agencies unanimously issued a public advisory warning the local employers against the influx of North Korean workers in the IT sector, especially in the crypto industry who often use illicit tactics and phoney identities to conceal their nationality.
This warning is issued as a new joint advisory from The Federal Bureau of Investigation (FBI), US Department of Treasury and US Department of State. It elaborates the role of North Korean IT workers in raising revenue that contributes to the ballistic missile programs and the weapons of mass destruction (WMD) in North Korea, in violation of US and UN sanctions.
The advisory states the workers from the Democratic People’s Republic of Korea (DPRK) purchase third-country IP addresses and steal identities by using Virtual Private Networks (VPNs), it further mentions
These workers develop applications and software spanning a range of sectors, including, but not limited to, business, cryptocurrency, health and fitness, social networking, sports, entertainment and lifestyle.
The advisory highlighted critical identifiers and red flags such as “frequent transfers of money through payment platforms, especially from the People’s Republic of China (PRC)-based bank accounts, or requests for payment in cryptocurrency” among other signs.
It also mentions that these workers pose a range of risks including theft of funds, data, and intellectual property that could be used to violate sanctions.
DPRK workers have been infamous for stealing money through various hacks and ransomware attacks. Their notorious hacking group Lazarus allegedly stole over $625 million worth of crypto from the popular play-to-earn game Axie Infinity’s Ronin Bridge, just last month.
As the need for crypto bravery and protection is a point of contention at this moment, the US authorities have accused these workers of using “privileged access gained as contractors to enable the DPRK’s malicious cyber intrusions.”
In an attempt to curb cybercrime, the Department of State’s Rewards for Justice program in this advisory mentions offering an award of up to $5 million to those who can provide information about ‘the illicit DPRK activities in cyberspace, including the past or ongoing operations.’