Security Experts:

Connect with us

Hi, what are you looking for?



US Government Says North Korean IT Workers Enable DPRK Hacking Operations

The US government has warned companies that some of their IT workers may be from North Korea, and these individuals could be aiding their country’s hacking operations.

The US government has warned companies that some of their IT workers may be from North Korea, and these individuals could be aiding their country’s hacking operations.

According to an unclassified advisory from the Department of State, Department of the Treasury, and the FBI, IT workers from the Democratic People’s Republic of Korea (DPRK) are posing as non-North Korean nationals in an effort to gain employment that they would otherwise not be able to obtain due to current sanctions.

The government has warned that thousands of highly skilled IT workers are being dispatched around the world to obtain money that can fund the North Korean regime, including its military programs.

These rogue workers can earn more than $300,000 per year for developing mobile and web applications, building digital currency exchange platforms, providing IT support, developing hardware and firmware, and creating and managing databases. They can be involved in the development of graphic animation, online gambling platforms, dating apps, AI, virtual reality platforms, and biometric recognition software.

The US government noted that while North Korean IT workers typically do not engage in malicious cyber activities, they have been known to leverage their privileged access to enable cyber intrusions.

“Some overseas-based DPRK IT workers have provided logistical support to DPRK-based malicious cyber actors, although the IT workers are unlikely to be involved in malicious cyber activities themselves,” the unclassified advisory reads. “DPRK IT workers may share access to virtual infrastructure, facilitate sales of data stolen by DPRK cyber actors, or assist with the DPRK’s money-laundering and virtual currency transfers.”

Malicious cyber activities have helped North Korea make billions of dollars and the US is prepared to offer up to $5 million for information about the country’s illegal activities in cyberspace.

“Defending against North Korean nation-state actors is difficult, particularly when these threats are now coming from both outside and inside organizations,” said ​​Kevin Bocek, VP of security strategy and threat intelligence at Venafi. “They are often well funded, highly sophisticated, and – as we’re seeing with this FBI warning – capable of thinking outside the box to find new ways to attack networks, as we’re now seeing with rogue freelancers hacking from within.”

“Organizations must now be proactive, not reactive in their security defenses. It’s clear that recruitment processes have to be robust to prevent hiring a rogue freelancer,” Bocek added.

One of the most significant sources of income for North Korea continues to be cyberattacks targeting blockchain and cryptocurrency organizations. The US recently blamed DPRK for the $600 million Ronin Validator cryptocurrency heist, which authorities believe was conducted by the notorious Lazarus Group.

Related: North Korea APT Lazarus Targeting Chemical Sector

Related: North Korea Gov Hackers Caught Sharing Chrome Zero-Day

Related: UN Experts: North Korea Stealing Millions in Cyber Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.