The U.S. issued a joint statement with Japan and South Korea on efforts to counter the threat of North Korean IT workers. They said North Korea continues to send IT workers around the world, both in-person and remotely, to generate revenue and fund missile programs.
North Korean IT workers
All three countries expressed serious concerns over North Korean IT workers going around the world. They said money from those workers funds the North’s development of weapons of mass destruction.
Download the SAN app today to stay up-to-date with Unbiased. Straight Facts™.
Point phone camera here
“The United States, Japan, and the ROK express serious concerns over the evolving malicious activities of North Korean IT workers,” the joint statement reads.
North Korea is no stranger to cyberattacks, but this is a different kind of threat.
“They traditionally relied on traditional cyber activities,” Tom Hyslip, assistant professor of cybercrime at the University of South Florida, told Straight Arrow News. “Whether it’s getting compromised credentials and gaining access that way or trying to social engineer an employee to give them access. But this is a lot worse for the organizations, because if they hire this person, and they have access internal to the corporation, it’s a much higher level of threat.”
Access to weapons systems is especially a concern when it comes to funding.
“It’s cheaper to steal the data than to design it and build it yourself,” Hyslip said.
Rise of remote work
Hyslip said this tactic became more common after the COVID-19 pandemic and the rise of remote work.
The trio of countries stated that North Korean IT workers employ a range of techniques to conceal their identities and locations, including the use of AI tools.
The statement said the workers take advantage of the need for IT workers and have gained employment in North America, Europe and East Asia.
“The highest level of threat is an insider,” Hyslip said. “And so, this really took it to another level. And I think that’s why you’re seeing these organizations with the government and Japan and South Korea putting out these advisories in alerts to notify these private sector organizations of this.”
They said these workers pose a serious security risk, including the theft of intellectual property and data.
Just two months ago, an Arizona woman received a nearly eight-year prison sentence for her role in a scheme that allowed North Korean IT workers to generate more than $17 million for North Korea. 50-year-old Christina Chapman helped those fraudulent workers obtain remote IT positions at more than 300 U.S. companies.
“Having full access allows them to either steal whatever they want themselves or establish back doors and allow their counterparts who are remote in North Korea to access it,” Hyslip said.
Fighting North Korean IT workers
The joint statement said all three countries are taking coordinated actions to disrupt this threat.
The U.S. has designated and sanctioned four entities and individuals they said furthered North Korean IT worker schemes, including entities in Russia, Laos and China.
“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” John K. Hurley, Under Secretary of the Treasury for Terrorism and Financial Intelligence, said in a statement. “Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”
Japan has advised private sector companies to mitigate the risk of hiring these people, while South Korea issued advisories to help companies avoid being targeted or victimized.
Hyslip said it’s not uncommon for allied countries to work together in these situations.
“When an incident like this happens, they’ll really get together, probably form a working group and determine, ‘okay, how are we going to mitigate this problem that we’ve identified, and hopefully mitigate the resulting fallout if data was compromised,’” Hyslip said.
Cyber threats
When it comes to cyber threats, the Cybersecurity and Infrastructure Security Agency highlights North Korea, China, Iran and Russia as the most dangerous nations for cyber threats.
And much like American allies, American enemies can also work together.
“North Korea and China are kind of allies when it’s convenient,” Hyslip said. “They may have shared their tactics, techniques, procedures that they’re using with North Korea, and then North Korea took advantage of that opportunity. But yeah, China has done this in the past.”
Hyslip also pointed to the hundreds of thousands of Chinese students in the U.S. Recently, President Donald Trump said the U.S. would allow 600,000 Chinese students into the country.
“I’m not saying all the students are Chinese intelligence agents,” Hyslip said. “But there have been some. [The] FBI has made multiple arrests of Chinese nationals who are here to study academia, working on PhDs. And then they have stolen intellectual property of different research.”
He said he hopes the government properly vets all the students coming in.
