DPRK IT workers used fake IDs and purchased Upwork/LinkedIn accounts for developer jobs.
ByAinvest
Wednesday, Aug 13, 2025 8:55 am ET1min read
UPWK--
The US Treasury Department first warned about this tactic in 2022, highlighting the use of fake identities by North Korean IT workers to secure freelance contracts. These workers often pose as South Korean, Chinese, Japanese, or Eastern European, and as US-based teleworkers [1]. They use front companies in China, Russia, Southeast Asia, and Africa to mask their identities and secure jobs in Western companies.
A recent high-profile case involved Christina Chapman, who was convicted for orchestrating a scheme that enabled North Korean IT workers to pose as US citizens and residents using stolen identities. The conspiracy generated over $17 million in illicit revenue over three years [1]. Chapman ran a "laptop farm" hosting overseas IT workers' computers inside her home, making it appear that the computers were located in the US. She forged payroll checks and laundered salaries through bank accounts under her control.
The techniques used by North Korean agents have evolved, including disabling secure access service edge tools and abusing privileged access from one organization to infiltrate another [1]. These workers often use deepfake technologies, extortion scams, and advanced AI tools to evade detection. For instance, the software engineer hired by security awareness vendor KnowBe4 used a valid but stolen US-based identity and enhanced his application photo using AI tools from a stock image [1].
The growing body of evidence suggests that thousands of highly skilled IT workers from North Korea are seeking jobs worldwide. Mandiant reported that these workers acquire freelance contracts from clients around the world, although they mainly engage in legitimate IT work, they have misused their access to enable malicious cyber intrusions [1]. This trend is not limited to the US; European businesses are also targeted, with suspected DPRK workers undertaking projects in areas such as web development, bot development, content management system (CMS) development, and blockchain technology [1].
The increasing sophistication of these schemes underscores the need for companies to carry out tighter vetting of new hires. CISOs are urged to implement robust background checks and secure access service edge tools to mitigate the risk of infiltration by North Korean IT workers.
References:
[1] https://www.csoonline.com/article/4033022/how-not-to-hire-a-north-korean-it-spy-3.html
DPRK IT workers used fake IDs and purchased Upwork/LinkedIn accounts for developer jobs.
In a growing trend that poses significant security risks, North Korean IT workers are leveraging freelance platforms like Upwork and LinkedIn to infiltrate Western companies. These workers, often posing as legitimate remote developers, use fake identities and purchased accounts to secure jobs. According to recent reports, this tactic is part of a larger scheme aimed at generating illicit revenue for the North Korean regime and facilitating cyberespionage activities.The US Treasury Department first warned about this tactic in 2022, highlighting the use of fake identities by North Korean IT workers to secure freelance contracts. These workers often pose as South Korean, Chinese, Japanese, or Eastern European, and as US-based teleworkers [1]. They use front companies in China, Russia, Southeast Asia, and Africa to mask their identities and secure jobs in Western companies.
A recent high-profile case involved Christina Chapman, who was convicted for orchestrating a scheme that enabled North Korean IT workers to pose as US citizens and residents using stolen identities. The conspiracy generated over $17 million in illicit revenue over three years [1]. Chapman ran a "laptop farm" hosting overseas IT workers' computers inside her home, making it appear that the computers were located in the US. She forged payroll checks and laundered salaries through bank accounts under her control.
The techniques used by North Korean agents have evolved, including disabling secure access service edge tools and abusing privileged access from one organization to infiltrate another [1]. These workers often use deepfake technologies, extortion scams, and advanced AI tools to evade detection. For instance, the software engineer hired by security awareness vendor KnowBe4 used a valid but stolen US-based identity and enhanced his application photo using AI tools from a stock image [1].
The growing body of evidence suggests that thousands of highly skilled IT workers from North Korea are seeking jobs worldwide. Mandiant reported that these workers acquire freelance contracts from clients around the world, although they mainly engage in legitimate IT work, they have misused their access to enable malicious cyber intrusions [1]. This trend is not limited to the US; European businesses are also targeted, with suspected DPRK workers undertaking projects in areas such as web development, bot development, content management system (CMS) development, and blockchain technology [1].
The increasing sophistication of these schemes underscores the need for companies to carry out tighter vetting of new hires. CISOs are urged to implement robust background checks and secure access service edge tools to mitigate the risk of infiltration by North Korean IT workers.
References:
[1] https://www.csoonline.com/article/4033022/how-not-to-hire-a-north-korean-it-spy-3.html
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PROEditorial Disclosure & AI Transparency: Ainvest News utilizes advanced Large Language Model (LLM) technology to synthesize and analyze real-time market data. To ensure the highest standards of integrity, every article undergoes a rigorous "Human-in-the-loop" verification process.
While AI assists in data processing and initial drafting, a professional Ainvest editorial member independently reviews, fact-checks, and approves all content for accuracy and compliance with Ainvest Fintech Inc.’s editorial standards. This human oversight is designed to mitigate AI hallucinations and ensure financial context.
Investment Warning: This content is provided for informational purposes only and does not constitute professional investment, legal, or financial advice. Markets involve inherent risks. Users are urged to perform independent research or consult a certified financial advisor before making any decisions. Ainvest Fintech Inc. disclaims all liability for actions taken based on this information. Found an error?Report an Issue
Comments
No comments yet