SecurityWeek

US Government Says North Korean IT Workers Enable DPRK Hacking Operations

The US government has warned companies that some of their IT workers may be from North Korea, and these individuals could be aiding their country’s hacking operations.

According to an unclassified advisory from the Department of State, Department of the Treasury, and the FBI, IT workers from the Democratic People’s Republic of Korea (DPRK) are posing as non-North Korean nationals in an effort to gain employment that they would otherwise not be able to obtain due to current sanctions.

The government has warned that thousands of highly skilled IT workers are being dispatched around the world to obtain money that can fund the North Korean regime, including its military programs.

These rogue workers can earn more than $300,000 per year for developing mobile and web applications, building digital currency exchange platforms, providing IT support, developing hardware and firmware, and creating and managing databases. They can be involved in the development of graphic animation, online gambling platforms, dating apps, AI, virtual reality platforms, and biometric recognition software.

The US government noted that while North Korean IT workers typically do not engage in malicious cyber activities, they have been known to leverage their privileged access to enable cyber intrusions.

“Some overseas-based DPRK IT workers have provided logistical support to DPRK-based malicious cyber actors, although the IT workers are unlikely to be involved in malicious cyber activities themselves,” the unclassified advisory reads. “DPRK IT workers may share access to virtual infrastructure, facilitate sales of data stolen by DPRK cyber actors, or assist with the DPRK’s money-laundering and virtual currency transfers.”

Malicious cyber activities have helped North Korea make billions of dollars, and the US is prepared to offer up to $5 million for information about the country’s illegal activities in cyberspace.

“Defending against North Korean nation-state actors is difficult, particularly when these threats are now coming from both outside and inside organizations,” said Kevin Bocek, VP of security strategy and threat intelligence at Venafi. “They are often well funded, highly sophisticated, and – as we’re seeing with this FBI warning – capable of thinking outside the box to find new ways to attack networks, as we’re now seeing with rogue freelancers hacking from within.”

“Organizations must now be proactive, not reactive in their security defenses. It’s clear that recruitment processes have to be robust to prevent hiring a rogue freelancer,” Bocek added.

One of the most significant sources of income for North Korea continues to be cyberattacks targeting blockchain and cryptocurrency organizations. The US recently blamed DPRK for the $600 million Ronin Validator cryptocurrency heist, which authorities believe was conducted by the notorious Lazarus Group.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
