Security Experts:

Connect with us

Hi, what are you looking for?



US Government Says North Korean IT Workers Enable DPRK Hacking Operations

The US government has warned companies that some of their IT workers may be from North Korea, and these individuals could be aiding their country’s hacking operations.

The US government has warned companies that some of their IT workers may be from North Korea, and these individuals could be aiding their country’s hacking operations.

According to an unclassified advisory from the Department of State, Department of the Treasury, and the FBI, IT workers from the Democratic People’s Republic of Korea (DPRK) are posing as non-North Korean nationals in an effort to gain employment that they would otherwise not be able to obtain due to current sanctions.

The government has warned that thousands of highly skilled IT workers are being dispatched around the world to obtain money that can fund the North Korean regime, including its military programs.

These rogue workers can earn more than $300,000 per year for developing mobile and web applications, building digital currency exchange platforms, providing IT support, developing hardware and firmware, and creating and managing databases. They can be involved in the development of graphic animation, online gambling platforms, dating apps, AI, virtual reality platforms, and biometric recognition software.

The US government noted that while North Korean IT workers typically do not engage in malicious cyber activities, they have been known to leverage their privileged access to enable cyber intrusions.

“Some overseas-based DPRK IT workers have provided logistical support to DPRK-based malicious cyber actors, although the IT workers are unlikely to be involved in malicious cyber activities themselves,” the unclassified advisory reads. “DPRK IT workers may share access to virtual infrastructure, facilitate sales of data stolen by DPRK cyber actors, or assist with the DPRK’s money-laundering and virtual currency transfers.”

Malicious cyber activities have helped North Korea make billions of dollars and the US is prepared to offer up to $5 million for information about the country’s illegal activities in cyberspace.

“Defending against North Korean nation-state actors is difficult, particularly when these threats are now coming from both outside and inside organizations,” said ​​Kevin Bocek, VP of security strategy and threat intelligence at Venafi. “They are often well funded, highly sophisticated, and – as we’re seeing with this FBI warning – capable of thinking outside the box to find new ways to attack networks, as we’re now seeing with rogue freelancers hacking from within.”

“Organizations must now be proactive, not reactive in their security defenses. It’s clear that recruitment processes have to be robust to prevent hiring a rogue freelancer,” Bocek added.

One of the most significant sources of income for North Korea continues to be cyberattacks targeting blockchain and cryptocurrency organizations. The US recently blamed DPRK for the $600 million Ronin Validator cryptocurrency heist, which authorities believe was conducted by the notorious Lazarus Group.

Related: North Korea APT Lazarus Targeting Chemical Sector

Related: North Korea Gov Hackers Caught Sharing Chrome Zero-Day

Related: UN Experts: North Korea Stealing Millions in Cyber Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


FBI says a North Korea-linked threat group known as Lazarus and APT38 is behind the $100 million Horizon bridge cryptocurrency heist.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.