Skip to main contentSkip to navigation

Don’t accidentally hire a North Korean hacker, FBI warns

Employing remote IT workers who are secretly working for Kim Jong-un’s regime poses risks and may breach sanctions, say US agencies

Computer users at the Sci-Tech Complex in Pyongyang, North Korea.
Computer users at the Sci-Tech Complex in Pyongyang, North Korea. Photograph: Wong Maye-E/AP
Computer users at the Sci-Tech Complex in Pyongyang, North Korea. Photograph: Wong Maye-E/AP

US officials have warned businesses against inadvertently hiring IT staff from North Korea, saying that rogue freelancers were taking advantage of remote work opportunities to hide their true identities and earn money for Pyongyang.

An advisory issued by the state and treasury departments and the FBI said the effort was intended to circumvent US and UN sanctions, and bring in money for North Korea’s nuclear weapons and ballistic missile programs. The officials said companies who hired and paid such workers may be exposing themselves to legal consequences for sanctions violations.

“There are thousands of DPRK IT workers both dispatched overseas and located within the DPRK, generating revenue that is remitted back to the North Korean government.

“These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and east Asia.”

North Korean workers pretended to be from South Korea, Japan, or other Asian countries, the advisory said. It laid out a series of red flags that employers should watch for, including a refusal to participate in video calls and requests to receive payments in virtual currency.

US officials said the North Koreans were mostly based in China and Russia, with smaller numbers operating out of Africa and south-east Asia. Much of the money they earned was taken by the North Korean government.

The advisory says that while much of the surreptitious job-seeking is to earn foreign exchange or to access virtual currency exchanges, some of the workers have helped Pyongyang’s government-backed hacking operations.

The workers also “may steal the customer account information of US or international banks to verify their identities with freelance platforms, payment providers, and companies employing” contract workers, it said.

Hiring the North Koreans “poses many risks, ranging from theft of intellectual property, data, and funds to reputational harm and legal consequences, including sanctions under both US and United Nations authorities”, it said.

With Reuters and Agence France-Presse