North Korea’s IT Workers Pose Significant Cybersecurity Threat to Financial Institutions
Warning Issued by US and South Korea: North Korean IT Workers Pose Risk to Intellectual Property, Data, and Funds
Seoul, South Korea - The United States and South Korea have issued updated warnings about the threat posed by North Korean information technology (IT) workers to financial institutions. These workers are believed to be operating in a way that poses significant risks to intellectual property, data, and funds.
New Indicators of Potential North Korean IT Worker Activity
The US and South Korean governments have identified new tradecraft used by North Korean IT workers since the release of previous advisories in 2022. The new indicators of potential North Korean IT worker activity include:
- An unwillingness or inability to appear on camera
- Inconsistencies in online profiles
- Indications of cheating on coding tests
Preventing the Hiring of North Korean IT Workers: Additional Due Diligence Measures
To prevent the inadvertent hiring of North Korean IT workers, financial institutions are advised to take additional due diligence measures. These include:
Conduct Thorough Background Checks
- Conduct thorough background checks on freelance workers
- Verify their identities
Be Cautious of Red Flag Indicators
- Unusual language preferences or requests for prepayment
- Home address for provision of laptops or other company materials is a freight forwarding address or rapidly changes upon hiring
- Education on resume is listed as universities in China, Japan, Singapore, Malaysia, or other Asian countries, with employment almost exclusively in the US, South Korea, and Canada
Reporting Suspicious Activity
The FBI urges victims of North Korean IT Workers or those who suspect they may have been victimized to report suspicious activity to the FBI Internet Crime Complaint Center (IC3) at ic3.gov. The South Korean government requests that suspicious activity be reported to the National Intelligence Service and the National Police Agency.
Red Flag Indicators
- Unwillingness or inability to appear on camera, conduct video interviews or video meetings
- Undue concern about requirements of a drug test or in-person meetings
- Indications of cheating on coding tests or when answering employment questionnaires and interview questions
- Social media and online profiles that do not match the hired individual’s provided resume
Due Diligence Measures
Request Documentation of Background Check Processes
- Request documentation of background check processes from third-party staffing firms or outsourcing companies
Conduct Due Diligence Checks
- Conduct due diligence checks on individuals provided by staffing companies or third-party software developers for IT work
Verify Background Check Documentation
- Do not accept background check documentation provided by untrusted or unknown authorities
- Verify that check numbers and routing numbers match an actual bank and do not belong to a money service business
Keep Records of Interactions with Potential Employees
- Keep records of all interactions with potential employees, including recordings of video interviews
By taking these precautions, financial institutions can help prevent the hiring of North Korean IT workers and reduce the risk of cybersecurity threats.