US Agencies Warn of Attempts by North Koreans to Get IT Jobs While Concealing Nationality

In many cases, these workers say they are U.S.-based and not North Korean teleworkers, and they often take on virtual currency projects.

Three U.S. government agencies warned Monday that IT workers from North Korea were trying to secure jobs while posing as nationals from countries other than North Korea, often claiming they are based in the U.S. and not North Korean teleworkers.

  • There are reputational as well as legal risks involved in hiring North Korean workers, according to the State Department, the Department of Treasury and the FBI. Both the U.S. and the United Nations have sanctions in place against North Korea, and the agencies said that many of these workers generated revenue that contributes to the country’s weapons of mass destruction (WMD) and ballistic missile programs, in violation of those sanctions.
  • The warning noted in particular that IT workers from North Korea often take on projects that involve virtual currency. “Some DPRK (Democratic People’s Republic of Korea) IT workers have designed virtual currency exchanges or created analytic tools and applications for virtual currency traders and marketed their products themselves,” the document said.
  • The agencies added that while these workers often engage in normal IT work, “they have used the privileged access gained as contractors to enable the DPRK’s malicious cyber intrusions.”
  • The latest warning comes after several U.S. government organizations jointly highlighted last month the threat posed by cryptocurrency thefts and tactics used by the North Korean state-sponsored group known as Lazarus Group.
  • The Treasury Department has tied Lazarus to the high-profile theft of $625 million worth of cryptocurrency from the Ronin bridge linked to the popular play-to-earn game Axie Infinity.