DPRK IT workers used fake IDs and purchased Upwork/LinkedIn accounts for developer jobs.
ByAinvest
Wednesday, Aug 13, 2025 8:47 am ET1min read
UPWK--
The use of these platforms by North Korean IT workers is part of a broader strategy to circumvent sanctions and generate revenue. According to a United Nations Panel of Experts report, North Korean IT workers abroad, often in China or Southeast Asia, are generating between $250 million and $600 million per year through such activities [1].
The schemes involve the use of stolen identities, often from real US citizens, to apply for freelance contracts or remote positions. These workers pose as South Korean, Chinese, Japanese, or Eastern European, and as US-based teleworkers. They use front companies, often in China, Russia, Southeast Asia, and Africa, to mask their identities and secure jobs in Western companies [1].
Recent examples of these tactics include the conviction of Christina Chapman, who orchestrated a scheme that enabled North Korean IT workers to pose as US citizens and residents using stolen identities to obtain jobs at more than 300 US companies and two international firms. The conspiracy generated more than $17 million in illicit revenue over three years [1].
The threat is not limited to the US; it is expanding into Europe as well. Suspected DPRK workers have undertaken UK projects in areas such as web development, bot development, content management system (CMS) development, and blockchain technology [1].
To mitigate this risk, companies are urged to carry out tighter vetting of new hires, especially for remote and freelance positions. This includes verifying the authenticity of documents and backgrounds, and using advanced security tools to detect anomalies in hiring processes.
References:
[1] https://www.csoonline.com/article/4033022/how-not-to-hire-a-north-korean-it-spy-3.html
DPRK IT workers used fake IDs and purchased Upwork/LinkedIn accounts for developer jobs.
In a growing trend, North Korean IT workers are leveraging freelance platforms like Upwork and LinkedIn to infiltrate Western companies, using fake identities and purchased accounts to secure developer jobs. This tactic, part of the regime's illicit revenue generation and cyberespionage efforts, poses a significant threat to global cybersecurity.The use of these platforms by North Korean IT workers is part of a broader strategy to circumvent sanctions and generate revenue. According to a United Nations Panel of Experts report, North Korean IT workers abroad, often in China or Southeast Asia, are generating between $250 million and $600 million per year through such activities [1].
The schemes involve the use of stolen identities, often from real US citizens, to apply for freelance contracts or remote positions. These workers pose as South Korean, Chinese, Japanese, or Eastern European, and as US-based teleworkers. They use front companies, often in China, Russia, Southeast Asia, and Africa, to mask their identities and secure jobs in Western companies [1].
Recent examples of these tactics include the conviction of Christina Chapman, who orchestrated a scheme that enabled North Korean IT workers to pose as US citizens and residents using stolen identities to obtain jobs at more than 300 US companies and two international firms. The conspiracy generated more than $17 million in illicit revenue over three years [1].
The threat is not limited to the US; it is expanding into Europe as well. Suspected DPRK workers have undertaken UK projects in areas such as web development, bot development, content management system (CMS) development, and blockchain technology [1].
To mitigate this risk, companies are urged to carry out tighter vetting of new hires, especially for remote and freelance positions. This includes verifying the authenticity of documents and backgrounds, and using advanced security tools to detect anomalies in hiring processes.
References:
[1] https://www.csoonline.com/article/4033022/how-not-to-hire-a-north-korean-it-spy-3.html
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PROEditorial Disclosure & AI Transparency: Ainvest News utilizes advanced Large Language Model (LLM) technology to synthesize and analyze real-time market data. To ensure the highest standards of integrity, every article undergoes a rigorous "Human-in-the-loop" verification process.
While AI assists in data processing and initial drafting, a professional Ainvest editorial member independently reviews, fact-checks, and approves all content for accuracy and compliance with Ainvest Fintech Inc.’s editorial standards. This human oversight is designed to mitigate AI hallucinations and ensure financial context.
Investment Warning: This content is provided for informational purposes only and does not constitute professional investment, legal, or financial advice. Markets involve inherent risks. Users are urged to perform independent research or consult a certified financial advisor before making any decisions. Ainvest Fintech Inc. disclaims all liability for actions taken based on this information. Found an error?Report an Issue
Comments
No comments yet