Private sector and the public are facing a threat from the Democratic People’s Republic of Korea (North Korea), said officials at the Federal Bureau of Investigation (FBI).

North Korea is evading U.S. and U.N. sanctions by targeting private companies to illicitly generate substantial revenue for the regime, the FBI said in an advisory. Furthermore, North Korean IT workers use a variety of techniques to obfuscate their identities, including leveraging U.S.-based individuals, wittingly and unwittingly, to gain fraudulent employment and access to U.S. company networks to generate this revenue.

Additionally, these individuals provide a U.S.-based location for companies to send devices, enabling North Korean IT workers to circumvent controls companies may have in place, according to the advisory.

North Korean IT workers’ activities illegally violate U.S. and U.N. sanctions and threaten the security of the targeted companies. Companies that outsource IT work support to third-party vendors can face additional vulnerabilities since these companies are not a part of the direct hiring process.

Specifically, U.S.-based facilitators have provided the following services to North Korean IT workers:

Schneider Bold
  • A U.S.-based Internet connection enabled through U.S. company laptops received on their behalf by facilitators in the United States.
  • Setup of U.S.-based infrastructure, including by enabling remote desktop connections to U.S. company laptops through protocols or remote desktop connection software download and installation.
  • Reshipment of U.S. company laptops to North Korean IT workers overseas.
  • Setup of financial accounts for North Korean IT workers. Some U.S.-based facilitators receive shares of the proceeds earned through North Korean IT worker employment schemes.
  • Creation of accounts on popular job search sites for use by North Korean IT workers.
  • Assistance purchasing and funding web services, such as artificial intelligence models and background check programs for use by North Korean IT workers.
  • Attendance at virtual interviews and meetings on behalf of North Korean IT workers.
  • Creation of U.S.-based front businesses, including businesses purporting to offer short-term technical contract workers.

The following are tips to protect yourself from these types of advances:

  • Implement identity verification processes during hiring, onboarding, and throughout the employment of any remote worker.
  • Educate HR staff, hiring managers, and development teams regarding this threat.
  • Monitor applicants for changes in addresses, particularly after being hired but before laptops end up delivered to the applicant-provided address.
  • Note unusual network traffic, to include remote connections to devices, and monitor environments for presence of remote desktop protocols or prohibited software.
  • Note inconsistencies in interviews, especially applicants being unable to field questions about where they live or key details about their past.
  • Note increased noise during interviews or sounds as if an applicant is surrounded by others doing similar work.
    Verify all remote workers’ identification information at
  • Note errors derived in the hiring process from the E-Verify check and request in-person or other reliable means of verification.
  • Ensure third-party staffing firms conduct robust hiring practices to fill jobs, routinely audit hiring practices, and flag changes in address or payment platforms.

Pin It on Pinterest

Share This