The FBI warns about malicious North Korean state-backed developers

FBI Malicious Actors North Korea State Backed Developers Cryptocurrency Hackers

North Korean state-backed application and software developers are observed pretending as US-based remote employees to attain IT jobs in the US and Europe’s technology and crypto companies.

Several US federal government agencies have shared this report, including the FBI, Department of State, and Department of Treasury. The agencies have highlighted how North Korean state actors have contributed to the developing economy of their country, including their involvement in weapons of mass destruction or WMD, and ballistic missile agendas that violated sanctions provided by the US and the UN.


These North Korean hackers are notorious for performing attacks on the cryptocurrency landscape, with a record of stealing over $400 million worth of crypto assets for 2021 alone.


Last month, a joint advisory was also issued by several federal agencies, such as the FBI, CISA, and the Department of Treasury, to warn about North Korean state-backed actors Lazarus (APT 38) targeting cryptocurrency and blockchain exchanges via spear-phishing campaigns and with the use of harmful malware.

Recently, another attack technique was discovered by security researchers involving state-backed IT developers from North Korea, utilising their advantage as contractual employees in the US and Europe to perform cyberattacks to serve their country.

The US agencies listed several ‘red flag’ indicators for the malicious freelance developers and have also shared some precautions on avoiding hiring or facilitating state-backed employees.

Based on the published advisory, North Korea dispatches thousands of skilled tech workers globally to help their country generate income that could subsidise their mass production of weaponry, ultimately violating US and UN sanctions.

The North Korean IT developers utilise their privileged access of being contractual workers to provide logistical support to their country. These threat actors do this by sharing access to a virtual infrastructure, aiding North Korea in money laundering transactions, and operating the sales of stolen data.

Several projects that the state-backed workers take advantage of include those around the virtual currency sector, such as business, sports, lifestyle, entertainment, and social networking.

US and European companies are given some pointers for the red flags they must be aware of, including one that involves the employee doing multiple logins into one account from different IP addresses coming from several countries in a brief period. Aside from this, more red flags had been shared by the US federal law enforcers for organisations to keep in mind.

Companies prone to these threats are advised to conduct video conferences and interviews with their applicants to further assess their identities and backgrounds.

About the author

Leave a Reply