North Korean operatives have “diversified” their way of defrauding victims through freelancing and code-hosting platforms that recruit unsuspecting users as identity proxies for remote tech jobs, according to cybersecurity 0 People’s Republic of Korea (DPRK) IT workers are using Upwork, Freelancer, and GitHub to impersonate legitimate workers and evade international sanctions by using verified accounts belonging to real 1 to cybersecurity researcher Heiner García Pérez, a member of SEAL Intel, the hackers begin by posting freelance job offers or approaching candidates, then move conversations to encrypted channels like Telegram or Discord, where they provide detailed instructions on how to set up remote access and verification 2 bad actors use freelancers to bypass sanctions Garcia found that DPRK operatives can bypass geographic filters, identity checks, and VPN detection systems that would normally block users from sanctioned countries by quietly using verified 3 enables them to apply for or perform remote IT jobs under a stolen or borrowed identity, concealing their origin while collecting payments from unsuspecting clients.
“These actors are organized, coordinated, and share operational 4 consistency of their methods shows this is part of a repeatable, state-backed system,” the SEAL Intel member 5 reported by Cryptopolitan in August, several North Korean IT workers have infiltrated international companies using false 6 has reportedly helped DPRK authorities deploy remote IT professionals abroad to secure freelance or contract roles under stolen or borrowed identities, coupled with shell companies masking their 7 whose identities are used receive only around 20% of total earnings, while the operatives keep 80%, funneled through crypto wallets or even traditional bank 8 of AI to manipulate images and company names García Pérez’s investigation uncovered several behaviors of technical sophistication and deliberate 9 one case, an IT worker had created a Google Drive folder labeled “My Photo,” where AI-edited portraits were stored together with folders bearing other individuals’ 10 believes these digital documents are separate personas managed by the same 11 files he recovered from the drive had a deeper insight into the recruitment and payment 12 file titled “Account” contained instructions explaining how to access Upwork, the purpose of the collaboration, and how profits would be 13 of the folders were named in Korean, such as “it개발 매칭 플랫폼 사이트,” which translates to “IT development matching platform site.” The investigator propounded that such documents were used for “Korean-speaking users and the domestic IT ecosystem.” Heiner García Pérez also found that North Korean actors are exploiting online communities for disabled people, job-matching portals, and even friendship websites such as InterPals to recruit 14 Interpals recruitment email.
Story Tags
Latest news and analysis from Cryptopolitan
