DPRK IT workers used fake IDs and purchased Upwork/LinkedIn accounts for developer jobs.
PorAinvest
miércoles, 13 de agosto de 2025, 8:55 am ET1 min de lectura
UPWK--
The US Treasury Department first warned about this tactic in 2022, highlighting the use of fake identities by North Korean IT workers to secure freelance contracts. These workers often pose as South Korean, Chinese, Japanese, or Eastern European, and as US-based teleworkers [1]. They use front companies in China, Russia, Southeast Asia, and Africa to mask their identities and secure jobs in Western companies.
A recent high-profile case involved Christina Chapman, who was convicted for orchestrating a scheme that enabled North Korean IT workers to pose as US citizens and residents using stolen identities. The conspiracy generated over $17 million in illicit revenue over three years [1]. Chapman ran a "laptop farm" hosting overseas IT workers' computers inside her home, making it appear that the computers were located in the US. She forged payroll checks and laundered salaries through bank accounts under her control.
The techniques used by North Korean agents have evolved, including disabling secure access service edge tools and abusing privileged access from one organization to infiltrate another [1]. These workers often use deepfake technologies, extortion scams, and advanced AI tools to evade detection. For instance, the software engineer hired by security awareness vendor KnowBe4 used a valid but stolen US-based identity and enhanced his application photo using AI tools from a stock image [1].
The growing body of evidence suggests that thousands of highly skilled IT workers from North Korea are seeking jobs worldwide. Mandiant reported that these workers acquire freelance contracts from clients around the world, although they mainly engage in legitimate IT work, they have misused their access to enable malicious cyber intrusions [1]. This trend is not limited to the US; European businesses are also targeted, with suspected DPRK workers undertaking projects in areas such as web development, bot development, content management system (CMS) development, and blockchain technology [1].
The increasing sophistication of these schemes underscores the need for companies to carry out tighter vetting of new hires. CISOs are urged to implement robust background checks and secure access service edge tools to mitigate the risk of infiltration by North Korean IT workers.
References:
[1] https://www.csoonline.com/article/4033022/how-not-to-hire-a-north-korean-it-spy-3.html
DPRK IT workers used fake IDs and purchased Upwork/LinkedIn accounts for developer jobs.
In a growing trend that poses significant security risks, North Korean IT workers are leveraging freelance platforms like Upwork and LinkedIn to infiltrate Western companies. These workers, often posing as legitimate remote developers, use fake identities and purchased accounts to secure jobs. According to recent reports, this tactic is part of a larger scheme aimed at generating illicit revenue for the North Korean regime and facilitating cyberespionage activities.The US Treasury Department first warned about this tactic in 2022, highlighting the use of fake identities by North Korean IT workers to secure freelance contracts. These workers often pose as South Korean, Chinese, Japanese, or Eastern European, and as US-based teleworkers [1]. They use front companies in China, Russia, Southeast Asia, and Africa to mask their identities and secure jobs in Western companies.
A recent high-profile case involved Christina Chapman, who was convicted for orchestrating a scheme that enabled North Korean IT workers to pose as US citizens and residents using stolen identities. The conspiracy generated over $17 million in illicit revenue over three years [1]. Chapman ran a "laptop farm" hosting overseas IT workers' computers inside her home, making it appear that the computers were located in the US. She forged payroll checks and laundered salaries through bank accounts under her control.
The techniques used by North Korean agents have evolved, including disabling secure access service edge tools and abusing privileged access from one organization to infiltrate another [1]. These workers often use deepfake technologies, extortion scams, and advanced AI tools to evade detection. For instance, the software engineer hired by security awareness vendor KnowBe4 used a valid but stolen US-based identity and enhanced his application photo using AI tools from a stock image [1].
The growing body of evidence suggests that thousands of highly skilled IT workers from North Korea are seeking jobs worldwide. Mandiant reported that these workers acquire freelance contracts from clients around the world, although they mainly engage in legitimate IT work, they have misused their access to enable malicious cyber intrusions [1]. This trend is not limited to the US; European businesses are also targeted, with suspected DPRK workers undertaking projects in areas such as web development, bot development, content management system (CMS) development, and blockchain technology [1].
The increasing sophistication of these schemes underscores the need for companies to carry out tighter vetting of new hires. CISOs are urged to implement robust background checks and secure access service edge tools to mitigate the risk of infiltration by North Korean IT workers.
References:
[1] https://www.csoonline.com/article/4033022/how-not-to-hire-a-north-korean-it-spy-3.html
Divulgación editorial y transparencia de la IA: Ainvest News utiliza tecnología avanzada de Modelos de Lenguaje Largo (LLM) para sintetizar y analizar datos de mercado en tiempo real. Para garantizar los más altos estándares de integridad, cada artículo se somete a un riguroso proceso de verificación con participación humana.
Mientras la IA asiste en el procesamiento de datos y la redacción inicial, un miembro editorial profesional de Ainvest revisa, verifica y aprueba de forma independiente todo el contenido para garantizar su precisión y cumplimiento con los estándares editoriales de Ainvest Fintech Inc. Esta supervisión humana está diseñada para mitigar las alucinaciones de la IA y garantizar el contexto financiero.
Advertencia sobre inversiones: Este contenido se proporciona únicamente con fines informativos y no constituye asesoramiento profesional de inversión, legal o financiero. Los mercados conllevan riesgos inherentes. Se recomienda a los usuarios que realicen una investigación independiente o consulten a un asesor financiero certificado antes de tomar cualquier decisión. Ainvest Fintech Inc. se exime de toda responsabilidad por las acciones tomadas con base en esta información. ¿Encontró un error? Reportar un problema
SOBRE NOSOTROS
Nuestra historiaAutores de noticiasBase de conocimientosPolítica de privacidadTérmino de usoDescargo de responsabilidad de corretaje de tercerosTérminos de uso de AIMEDivulgaciones de riesgos de AInvest AICarrerasCONTÁCTENOS
Email: support@ainvest.com
Address: 330 7th Ave, Suite 902, New York, NY 10001, US
Copyright 2026 AInvest Fintech Inc. All rights reserved.
Comentarios
Aún no hay comentarios