Consequences of Financial Crime on Individuals and Businesses in North Korea

The Democratic People’s Republic of Korea (North Korea) has been evading U.S. and U.N. sanctions by targeting private companies to illicitly generate substantial revenue for the regime.

Threats from North Korean IT Workers

North Korean IT workers use various techniques to obfuscate their identities, including leveraging U.S.-based individuals, both witting and unwitting, to gain fraudulent employment and access to U.S. company networks. These activities illegally violate U.S. and U.N. sanctions and threaten the security of targeted companies.

Methods Used by U.S.-Based Facilitators

U.S.-based facilitators have provided services to North Korean IT workers, including:

• Providing a U.S.-based internet connection through company laptops
• Setting up remote desktop connections to company laptops
• Reshipment of company laptops to North Korean IT workers overseas
• Setting up financial accounts for North Korean IT workers
• Creating accounts on popular job search sites for use by North Korean IT workers

Protecting Against This Threat

Individuals and businesses can protect themselves from this threat by:

• Implementing identity verification processes during hiring
• Monitoring applicants for changes in addresses
• Noting unusual network traffic
• Verifying all remote workers’ identification information at E-Verify.gov

If a business has fallen victim to a North Korean IT worker scheme or suspects that they have been approached by a North Korean IT worker, the FBI recommends reporting to the Internet Crime Complaint Center (IC3) immediately and evaluating network activity from the suspected employee.