The public advisory warned private firms to do their due diligence before hiring freelance workers, as North Koreans often use illicit tactics and stolen identities to hide their nationality.
The United States Departments of Justice, State and the Treasury issued a joint advisory warning against the influx of North Korean workers in various freelance tech jobs, especially in the crypto industry.
The public advisory was released on Friday, highlighting the critical red flags and identifiers for private firms to avoid hiring North Korean workers. The U.S. agencies warned that these workers pose a range of risks including theft of intellectual property, data and funds that could be used to violate sanctions.
There has been a significant increase in the freelance job market due to the pandemic, and crypto, being a decentralized sector, offers some of the most lucrative IT jobs in the current industry. This is a cause for concern for the U.S. agencies, which are wary of North Korea’s interest in the crypto sector.
Overview of North Korean Worker Operations
The advisory noted that North Korean workers often use virtual private networks (VPNs) to purchase third-country IP addresses and stolen identities to hide their country of origin. The advisory further read:
To identify and weed out such workers from U.S.-based companies, the advisory listed various red flags to be wary of, including inconsistencies in name spelling, nationality, claimed work location, contact information, educational history, work history and other details across a developer’s freelance platform profiles.
Requests for payment in cryptocurrency and frequent transfers of money to People’s Republic of China-based bank accounts were other critical red flags listed in the advisory.
North Korea has been infamous for stealing money through various ransomware attacks and hacks and is home to one of the most notable hacking groups, called Lazarus. The recent hack of Axie Infinity’s Ronin Bridge, which resulted in a loss of over $600 million worth of crypto, was also tied to the same hacking group.