In a recent security advisory, Germany's Federal Office for the Protection of the Constitution (BfV) warned about fraudulent schemes involving North Korean IT specialists working for foreign companies. The agency reported that many of these specialists create fake profiles on various platforms, such as LinkedIn, GitHub, Facebook, Telegram, and Skype, to secure IT-related work opportunities.
These individuals typically present themselves as experienced professionals with multiple skills and extensive recommendations. Payment for their services often occurs through cryptocurrencies like Bitcoin and Ethereum, or digital payment systems such as PayPal and Wise, making it difficult to track financial transactions. To further conceal their identities, they frequently use intermediary accounts. If advance or bonus payments are refused, the scammers may resort to aggressive behavior and threaten to disclose the company’s source code.
Communication with North Korean IT specialists primarily takes place through text messages, with English being the preferred language, although Korean is also used. Personal meetings or video interviews are usually avoided, which makes it harder to verify their authenticity. Discrepancies in resumes are common, with inconsistencies in personal information, work experience, education, and language skills often present.
Employers become suspicious when social media profiles and resume information do not align. Multiple profiles with the same names but different photos are frequently discovered. Delivery addresses for equipment, like laptops, may constantly change. Despite high ratings on freelancer platforms, these “specialists” often charge lower fees. In confirmed cases, malicious software may be installed immediately after the equipment is received.
Companies engaging with North Korean IT workers face significant risks. Apart from potentially financing North Korea’s nuclear program, there’s a danger of reputational damage, sanctions violations, and intellectual property and internal data leaks.
Precautionary measures recommended include verifying identities through personal or video interactions, validating previous work experience, avoiding exclusive use of cryptocurrencies for payments, and restricting access to sensitive company information.