According to a Reuters investigation, North Korean IT professionals deployed a large-scale fraudulent operation to get jobs at leading Western technology companies. The campaign includes creating fake names and profiles on LinkedIn, forging work documents and interview scripts. The actions are part of Pyongyang's efforts to hire employees abroad to raise foreign currency to finance North Korea's nuclear and missile programs.
These strategies were revealed in the documents in an interview with a former North Korean IT specialist and cybersecurity researchers. Particularly noticeable is the increase in the number of IT professionals sent abroad over the past 4 years, which is part of Pyongyang's efforts to increase foreign exchange earnings.
Palo Alto Networks found a package of documents on the Internet showing how North Korean software developers prepared for interviews, including tips on how to describe a "good corporate culture", as well as fake documents that were used when applying for a job.
Data gathered from the darknet leaks also revealed an account on a website that sells digital templates to create realistic-looking fake identity documents, including American driver's licenses, visas, and passports.
The investigation also revealed that North Korean employees use fake resumes and online profiles to apply for jobs in software development. Experts urged firms to hire them in countries such as Chile, New Zealand, the United States, Uzbekistan, and the United Arab Emirates.
An example is the story of "Richard", a former senior embedded software developer who used a fake profile for employment in the United States, offering to start remotely and switch to full-time work later. Richard said North Korean employees created 20 to 50 fake profiles a year before being hired by foreign companies.
In addition, the leaked data revealed additional tools and techniques used to deceive firms and persuade them to hire North Korean workers. The data show how intensive and sophisticated the North Korean authorities ' efforts are in organizing such a scheme, which has become vital for the country's budget.
It is noted that remote IT workers can earn significantly more than North Korean workers abroad in other areas. According to the US Department of Justice, North Korean developers working for US companies hide behind fake social media accounts and can earn more than $3 million a year on behalf of North Korean organizations that are subject to sanctions. According to Richard, there are about 3,000 employees abroad, and another 1,000 are based in North Korea.
According to the former IT worker, each such specialist is required to earn at least $100,000 a year, of which 30-40% is sent back to Pyongyang, 30-60% is spent on overhead costs, and 10-30% is kept by employees. Reuters was unable to determine how much the scheme has earned over the years.
The investigation highlights the risks to the United States and other countries associated with the penetration of specialists from North Korea into their technology companies. Analysts have identified a deep level of training for North Korean IT professionals, which underscores the need for enhanced security measures and checks during the hiring process in the technology industry.
These strategies were revealed in the documents in an interview with a former North Korean IT specialist and cybersecurity researchers. Particularly noticeable is the increase in the number of IT professionals sent abroad over the past 4 years, which is part of Pyongyang's efforts to increase foreign exchange earnings.
Palo Alto Networks found a package of documents on the Internet showing how North Korean software developers prepared for interviews, including tips on how to describe a "good corporate culture", as well as fake documents that were used when applying for a job.
Data gathered from the darknet leaks also revealed an account on a website that sells digital templates to create realistic-looking fake identity documents, including American driver's licenses, visas, and passports.
The investigation also revealed that North Korean employees use fake resumes and online profiles to apply for jobs in software development. Experts urged firms to hire them in countries such as Chile, New Zealand, the United States, Uzbekistan, and the United Arab Emirates.
An example is the story of "Richard", a former senior embedded software developer who used a fake profile for employment in the United States, offering to start remotely and switch to full-time work later. Richard said North Korean employees created 20 to 50 fake profiles a year before being hired by foreign companies.
In addition, the leaked data revealed additional tools and techniques used to deceive firms and persuade them to hire North Korean workers. The data show how intensive and sophisticated the North Korean authorities ' efforts are in organizing such a scheme, which has become vital for the country's budget.
It is noted that remote IT workers can earn significantly more than North Korean workers abroad in other areas. According to the US Department of Justice, North Korean developers working for US companies hide behind fake social media accounts and can earn more than $3 million a year on behalf of North Korean organizations that are subject to sanctions. According to Richard, there are about 3,000 employees abroad, and another 1,000 are based in North Korea.
According to the former IT worker, each such specialist is required to earn at least $100,000 a year, of which 30-40% is sent back to Pyongyang, 30-60% is spent on overhead costs, and 10-30% is kept by employees. Reuters was unable to determine how much the scheme has earned over the years.
The investigation highlights the risks to the United States and other countries associated with the penetration of specialists from North Korea into their technology companies. Analysts have identified a deep level of training for North Korean IT professionals, which underscores the need for enhanced security measures and checks during the hiring process in the technology industry.
