Financial Crime World

Korean Authorities Warn of Financial Crime Threats from North Korean IT Workers

Introduction

In a bid to combat illicit financial activities, authorities in the Democratic People’s Republic of Korea (North Korea) are warning businesses and individuals to be vigilant against potential threats from North Korean Information Technology (IT) workers.

Red Flag Indicators

Businesses and individuals are advised to watch out for the following red flag indicators:

  • Unusual network traffic, including remote connections to devices
  • Presence of remote desktop protocols or software that is prohibited
  • Inconsistencies in interviews, especially applicants being unable to field questions about where they are located or key details about their past
  • Increased noise during interviews or sounds as if an applicant is surrounded by others doing similar work

Best Practices for Protection

To protect against these threats, authorities recommend the following best practices:

  1. Implement identity verification processes during hiring, onboarding, and throughout the employment of any remote worker.
  2. Educate HR staff, hiring managers, and development teams regarding this threat.
  3. Monitor applicants for changes in addresses, particularly after being hired but before laptops are delivered to the applicant-provided address.

Reporting

If you suspect that your business has fallen victim to a North Korean IT worker scheme or have been approached by one, report to the FBI’s Internet Crime Complaint Center (IC3) at www.IC3.gov immediately. Evaluate network activity from the suspected employee and their assigned device, and use internal intrusion detection software to capture activity on the suspected device.

Conclusion

The Democratic People’s Republic of Korea government has issued public advisories involving North Korean IT workers that describe how they operate and provide red flag indicators along with due diligence measures for businesses to avoid hiring North Korean IT workers. The Republic of Korea and the Government of Japan have also alerted the public regarding North Korean IT workers.

Stay informed, stay vigilant, and protect your business against these illicit activities.