North Korean hackers are posing as crypto freelancers to secure remote work abroad, researchers say

Cybersecurity researchers said the intelligence collected could give Pyongyang an edge in how to launder cryptocurrency and avoid sanctions

The US warned earlier this year that North Koreans primarily located in China and Russia were trying to obtain freelance employment abroad

Reading Time:4 minutes

North Koreans work on computers in a library at Kim Il-sung University in this 2011 file photo. Photo: AP

Published: 11:04am, 2 Aug 2022

North Koreans are plagiarising online résumés and pretending to be from other countries to get remote work at cryptocurrency firms to aid illicit money-raising efforts for the government, cybersecurity researchers say.

The fraudsters lift details they find on legitimate profiles on LinkedIn and Indeed for their resumes to get work at US cryptocurrency firms, according to security researchers at Mandiant Inc.

One applicant identified by Mandiant on July 14 claimed to be an “innovative and strategic thinking professional” in the tech industry and an experienced software developer. “The world will see the great result from my hands,” the jobseeker added in a cover letter. Nearly identical language was found in another user’s profile.

The logos of Litecoin, Bitcoin, and Ethereum are seen on a cryptocurrency automated teller machine. By collecting information from crypto companies, North Koreans can gather intelligence about coming trends, researchers said. Photo: Bloomberg

The evidence detected by Mandiant reinforces allegations made by the US government in May. The United States warned that North Korean IT workers are trying to obtain freelance employment abroad while posing as non-North Korean nationals, in part to raise money for government weapons development programmes. The IT workers claim to have the kinds of skills necessary for complex work like mobile app development, building virtual currency exchanges and mobile gaming, according to the US advisory.

The North Korean IT workers were primarily located in China and Russia, with a smaller number in Africa and Southeast Asia, according to the US. They also target freelance contracts in wealthier nations, including in North America and Europe, and in many cases, present themselves as being South Korean, Japanese or even US-based teleworkers, according to the US warning.

According to the Mandiant researchers, by collecting information from cryptocurrency companies, North Koreans can gather intelligence about coming cryptocurrency trends. Such data – about topics such as the Ethereum virtual currency, nonfungible tokens and potential security lapses – could give the North Korean government an edge in how to launder cryptocurrency in a way that helps Pyongyang avoid sanctions, said Joe Dobson, a principal analyst at Mandiant.

“It comes down to insider threats,” Dobson said. “If someone gets hired onto a crypto project, and they become a core developer, that allows them to influence things, whether for good or not.”

Select Voice

Choose your listening speed

Get through articles 2x faster

1.25x

250 WPM

Slow

Average

Fast

00:0000:00

1.25x