North Korean IT scam targets western firms
North Korean IT workers are employing sophisticated deception to land remote IT jobs in Western tech companies. They use false names, fake LinkedIn profiles, counterfeit work documents, and scripted interviews to overcome employment barriers.
This strategy, crucial for North Korea's foreign currency earnings and nuclear missile program financing, involves methods designed to persuade Western hiring managers, as revealed by documents reviewed by Reuters and interviews with a former North Korean IT worker and cybersecurity experts.
The United States, South Korea, and the United Nations have reported that North Korea dispatched thousands of IT workers abroad over the past four years to raise millions of dollars. Despite the threat of punishment for free expression in North Korea, these workers use interview scripts to portray a favorable corporate culture. Palo Alto Networks, a U.S. cybersecurity firm, uncovered internal documents outlining North Korea's remote IT workforce operations, including bogus resumes and identities.
Leaked darkweb data further exposes the tactics North Korean workers use to secure jobs internationally, a crucial operation for the financially struggling regime. According to the U.S. Justice Department, these IT workers can earn significantly more than other North Korean laborers abroad, collectively making over $3 million annually.
These scripts often rationalize the need for remote work. One, used by a senior software developer named "Richard," cites family health issues to justify remote work. A defected North Korean IT worker confirmed to Reuters that creating multiple fake profiles for job applications is a standard practice.
The U.S. government has raised alarms about the risks associated with North Korean IT workers, including potential hacking. Some of their resumes show experience in the cryptocurrency sector, frequently targeted by North Korean hackers. The documents also reveal their use of sophisticated fake IDs and the purchase of legitimate online profiles to enhance credibility. LinkedIn has removed such an account, demonstrating the challenges in identifying and stopping these fraudulent actions.