Businesses should be aware of growing security risks from North Korean IT workers targeting freelance contracts from businesses in the U.S. and other countries. Typically, these workers fraudulently claim they are from the US or somewhere other than North Korea so they can engage in non-malicious IT work for a business – an activity that is barred by U.S. and United Nations authorities and can have serious consequences for the businesses that accidentally retain them. These workers often gain privileged access to sensitive systems and data through their employment, which can be exploited for malicious purposes, including cyber intrusions and espionage. Here’s what you need to know about this fraudulent activity, the potential risks and red flags to watch for, and the steps you can take to protect your business.
Threat Assessment
The federal government has been tracking this issue and providing guidance for years. You can read about the identified threats and potential consequences here: May 16, 2022, October 18, 2023, May 16, 2024, and January 23, 2025.
Notably, North Korean IT workers sometimes work with U.S.-based individuals to provide assistance for their scams, such as:
In the FBI’s January 2025 guidance, the Bureau points to additional risks of potential extortion and data theft if the fraudulent workers are discovered by the organization. It appears this is a last-ditch effort to gain more funds and is yet another reason to ensure your screening process weeds out fraudulent freelancers.