The United States and South Korea have issued an alert to the international community on North Korean hackers posing as non-North Korean job seekers, whose objectives are to undertake cyber missions that could accelerate Pyongyang’s nuclear ambitions.
The authorities from the two countries issued a joint public service announcement late Wednesday that these hackers impersonate “IT workers” and non-DPRK nationals, who could potentially infiltrate global companies.
"DPRK IT workers continue to take advantage of demand for specific IT skills such as software and mobile application development while fraudulently obtaining employment contracts around the world, including in the United States. This action leads to companies unwittingly hiring DPRK IT workers," the U.S. Department of State said in a statement, referring to the North's formal name, the Democratic People's Republic of Korea.
The State Department added that it was closely collaborating with the Federal Bureau of Investigation, as well as the South’s of Foreign Ministry, National Police Agency, and National Intelligence Service (NIS) to tackle the issue.
This initiative followed the similar warnings issued in May and December last year. The latest warning provided an update of clearer guidelines on how the North Korean covert hackers operate.
“Hiring or supporting DPRK IT workers – knowingly or unknowingly – poses many risks, ranging from theft of intellectual property, data, and funds, to reputational harm and legal consequences, including under U.S., ROK, and UN sanctions,” the statement said, referring to South Korea’s formal name.
The authorities noted that North Korean IT workers’ potential hacking may aid Pyongyang’s development of weapons of mass destruction and ballistic missile programs.
On Thursday, South Korea's foreign ministry reinforced the statement and elaborated on particular red flags associated with North Korean IT workers. The ministry said that unusual requests, such as seeking alternative payment methods instead of the usual account details for salaries or using a freight forwarder's address instead of a personal home address for deliveries, could be key indicators of suspicious activity.
“Collaborating with North Korean IT experts not only jeopardizes a company’s reputation but also poses the threat of unauthorized access to its confidential data and potential asset theft,” the ministry warned.
The warning came amidst the COVID-19 pandemic and ongoing U.N. sanctions, which continued to push North Korea's economy downwards. The statement said hacking has turned into a major stream of revenue for North Korea. The North Korean regime has recently not only been targeting financial institutions and cryptocurrencies, but also seek to exploit vulnerabilities across various sectors, including manufacturing companies.
Earlier this month, South Korea's spy agency, NIS, revealed that it has identified numerous instances where North Korean hacking groups targeted key shipbuilding firms in the South.
North Korea has also turned to hacking as a means of advancing its technology capabilities, seeking to bridge the gap with advanced nations. It had attempted to steal information on COVID vaccines via hacking Pfizer, the NIS told South Korean lawmakers in 2021.
Edited by Elaine Chan and Taejun Kang.