NewsBite

North Korean IT freelancer scam hits Australian firms

A global scam operated by Kim Jong-un’s cash-starved regime is stealing hard currency and Western trade secrets, while taking advantage of post-Covid remote work rules.

North Korean leader Kim Jong-un. Picture: AFP
North Korean leader Kim Jong-un. Picture: AFP

Australian businesses are being tricked into employing North Korean IT workers in a global scam by Kim Jong-un’s cash-starved regime to steal hard currency and Western trade secrets, Google’s threat intelligence arm warns.

Mandiant chief analyst John Hultquist said the “bizarre” insider threat was exploding in the post-Covid freelance work environment, as companies relaxed hiring rules and allowed workers to log-on remotely.

He said the scam had hit US companies hard, and was now affecting businesses in Australia and across Europe.

John Hultquist, senior director of intelligence analysis for Mandiant Threat Intelligence, FireEye – Security MEA
John Hultquist, senior director of intelligence analysis for Mandiant Threat Intelligence, FireEye – Security MEA

“As pressure has increased in the US, we have seen these IT workers shift their focus to other countries where employers are less familiar with this scheme and they are likely to meet less scrutiny.

“We’ve recently seen evidence that they are impersonating Australians and being employed in Australian projects. The opportunity for Australians to put up their guard is now, before this insider threat really takes hold.“

The warning came as the US Department of Justice issued new indictments for 14 men wanted over their alleged involvement in the scam.

The US State Department is offering a $US5m reward for information on the whereabouts of the men, and on North Korean IT companies based in China and Russia.

Wanted: The US has issued indictments and a posted a $US5m reward for 14 men over the North Korean IT worker scam.
Wanted: The US has issued indictments and a posted a $US5m reward for 14 men over the North Korean IT worker scam.

The companies, Yanbian Silverstar Network Technology Co. and Volasys Silverstar, had “engaged in the exportation of North Korean IT workers, managers, and support staff” to China’s Jilin Province and Vladivostok, Russia, the department said.

It said the workers generated revenue “by deceiving US and other businesses worldwide into hiring them as freelance IT workers”.

Mandiant, a Google subsidiary that analyses and responds to cybersecurity threats, has previously warned non-North Korean facilitators played a crucial role supporting the cyber racket, enabling the remote IT workers to disguise their locations and identities, and access international financial systems.

Mr Hultquist said the North Korean workers were part of a global push by the kleptocratic regime to earn much-needed foreign currency, raking in First World salaries while stealing bank details and intellectual property, demanding ransoms and inserting covert back doors to systems.

“We’re talking billions and billions of dollars coming back to the regime with this type of activity,” he said.

“Every chief security officer in the United States is talking about this North Korean IT worker problem.

“Because post-Covid, a lot of organisations have relaxed a lot of their hiring processes, and some of the some of their HR processes, they’re hiring North Koreans.

“They have gotten jobs at many of the Fortune 500 companies, infrastructure companies, you name it.

“This is one of the most bizarre, one of the most interesting threats I’ve ever worked on.

“Many of them are working multiple jobs, like four or five jobs at a time. And when you ask a targeted organisation how they performed as an employee, many will tell you they’re the best employees they have.”

He said the workers had been known to insert malicious code in their employers’ systems, and “at least in select cases, we can see handoffs between them and the intelligence service”.

Read related topics:Coronavirus

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.theaustralian.com.au/nation/north-korean-it-freelancer-scam-hits-australian-firms/news-story/40f7c3c5d5f825696a2812cbfc42cc76