U.S. Warns Businesses Against Inadvertently Hiring IT Staff From North Korea

I have to admit that reading this story from The Guardian was not on my bingo card when I woke up this morning. U.S. officials have warned businesses against inadvertently hiring IT staff from North Korea, claiming that rogue freelancers were taking advantage of remote work opportunities to hide their true identities with the intent of earning money for Pyongyang.

An advisory issued by the State and Treasury departments and the FBI said the effort was intended to circumvent US and UN sanctions, and bring in money for North Korea’s nuclear weapons and ballistic missile programs. The officials said companies that hired and paid such workers may be exposing themselves to legal consequences for sanctions violations.

“There are thousands of DPRK IT workers both dispatched overseas and located within the DPRK, generating revenue that is remitted back to the North Korean government.

“These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and east Asia.”

North Korean workers pretended to be from South Korea, Japan, or other Asian countries, the advisory said. It laid out a series of red flags that employers should watch for, including a refusal to participate in video calls and requests to receive payments in virtual currency.

Kevin Bocek, VP, Security Strategy and Threat Intelligence for Venafi, had this comment:

“Defending against North Korean nation-state actors is difficult, particularly when these threats are now coming from both outside and inside organisations. They are often well funded, highly sophisticated, and – as we’re seeing with this FBI warning – capable of thinking outside the box to find new ways to attack networks, as we’re now seeing with rogue freelancers hacking from within. Our recent research shows that cybercrime has become a primary means of revenue generation in North Korea, and APT groups are helping it to work outside of international sanctions, funding political and military gains. In fact, it’s estimated that up to $2bn makes its way directly into North Korea’s weapons program each year as a result of nation state cybercrime.

“Ultimately, there’s no telling what these rogue freelancers are after. The targets that spring to mind are data theft or potentially funds, but we’ve seen in the past that North Korean APT groups have made use of stolen code signing identities in devastating nation state attacks, so they’re likely to be on the table as well. The problem is that there’s currently not enough awareness and security around the importance of machine identities. This lack of focus allows North Korean cybercriminals to take advantage of a serious blind spot in software supply chain attacks.

“Organizations must now be proactive, not reactive in their security defenses. It’s clear that recruitment processes have to be robust to prevent hiring a rogue freelancer. For companies looking to protect against the impact these threat actors could have if armed with stolen code signing certificates, machine identity management remains the best defense. Businesses must have visibility over their environments in order to spot changes and react fast, both from a human identity and a machine identity perspective. Without the effective management of both machines and humans, we’ll continue to see APT groups thrive, and high-profile nation-state attacks will continue to affect businesses and government. The automation of machine identity management can help to take this element of security out of already overstretched security teams’ hands.”

It does beg the question of whether other countries with dodgy reputations like Russia and China are doing something similar. I’d be interested in knowing that answer as it likely would influence how safe we all are.
