Jump directly to the content
UNDERCOVER ARMY

Kim Jong-un’s spies are infiltrating UK companies by disguising themselves as freelance IT workers… with chilling aim

The generated revenue is being actively used to feed North Korea's evil military programs

SECRET spies from North Korea posing as freelance IT workers are plaguing UK companies to earn cash for Kim Jong-un's sanction-hit regime.

Many firms are at risk of being targeted by fraudulent North Koreans who are actively applying to secure jobs on freelance work platforms.

Kim Jong-un is using a network of secret spies disguised as IT freelancers to gain jobs in the UK and US
4
Kim Jong-un is using a network of secret spies disguised as IT freelancers to gain jobs in the UK and USCredit: Getty
IT workers from North Korea provide potential employers in the UK with fake CVs in a bid to secure employment
4
IT workers from North Korea provide potential employers in the UK with fake CVs in a bid to secure employmentCredit: Getty
The revenue is used to fund North Korea's evil military program; a picture of a North Korean ballistic missile being tested
4
The revenue is used to fund North Korea's evil military program; a picture of a North Korean ballistic missile being tested

A report by the HM Treasury’s Office of Financial Sanctions Implementations (OFSI) has warned that IT workers from North Korea are using tactics that include "aliases, false or fraudulent personae and proxies, to mask their true identities and hide links to the regime".

Over the years, Britain has hit North Korea with a slew of financial sanctions including the freezing of funds and economic resources.

These actions are aimed at countering the proliferation of weapons of mass destruction (WMD) and ballistic missiles, the HM Treasury says.

Kim Jong-un's cash-starved regime has long been known to deploy cyberb tactics to steal sensitive information from nations in the West.

more on north korea

But highly-trained workers are now posing a greater threat of getting into the payroll of British companies as remote workers.

The unique cyber tactic is allowing millions of dollars to flow into a reclusive country like North Korea, only to aid its ballistic missile program against the West.

And it also threatens to wreak havoc in the form of cyber attacks.

"It is almost certain that UK firms are currently being targeted
by the Democratic People's Republic of Korea (DPRK) Information Technology (IT) workers disguised as freelance third-country IT workers to generate revenue for the regime, " the report read.

"North Koran IT workers may gain privileged access to sensitive or critical company information.

"There is a realistic possibility that this could result in this information being compromised or misused by other malign DPRK cyber actors."

According to the advisory from HM's Treasury, IT workers from North Korea provide potential employers in the UK with fake CVs in a bid to secure employment.

Many such fraudsters often use bot farms run by middlemen inside a particular country who use remote desktop software that allows workers from North Korea to log in to a company's internal servers - making it look like they are working from inside the country.

Others have been leveraging the latest AI techniques to impersonate foreign nationals and steal their entire identity.

Affected UK sectors include:

  • Information Technology (IT)
  • Electronic Money Institution (EMI)
  • Money Service Business (MSB)
  • Professional Services
  • Cryptocurrency

UK sanctions on North Korea

DPRK targets are on OFSI’s  consolidated list of financial sanctions and are subject to an asset freeze.

This regime also includes sectoral financial sanctions, which contain both restrictions and requirements. These include those placed on:

  • The sale or purchase of bonds
  • DPRK credit and financial institutions including branches, subsidiaries and representative offices)
  • UK credit and financial institutions from dealing with DPRK credit and financial institutions (including branches, subsidiaries and representative offices)
  • Representative offices belonging to designated persons
  • Business arrangements with designated persons
  • Financial support for trade
  • Investment and commercial activities
  • Bank accounts for DPRK diplomats and diplomatic missions
  • Leasing or, otherwise making available, real property

Source: HM Treasury’s Office of Financial Sanctions Implementations (OFSI)

The report also describes how these workers often work from regimes like Russia and China, posing as non-North Korean workers looking for freelance IT jobs.

Common skills found among such workers include software development, IT support, graphic design, and animation.

They work through a vast - and complex - network of companies working on behalf of Kim Jong-un's regime.

And they are often able to secure long-term, permanent positions - and substantial amounts of money.

The aim is to generate as much revenue as possible so that it can be fed to North Korea's evil military programs that threaten to destabilise not only the Korean Peninsula but also the entire world.

And the vicious tactic is not restricted to the UK.

US officials have warned of such cyber tactics increasingly being used by North Korean workers to gain employment in America, often capitalising on the need for IT workers.

Hundreds of thousands of such fraud workers have already managed to crack low-level information-technology jobs and other roles in the US, security researchers claim.

Jay Greenberg, an FBI special agent, said: "This scheme is so prevalent that companies must be vigilant to verify whom they’re hiring.

"At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities."

In many instances, North Korean workers infiltrated computer networks and stole information from the companies that hired them, the US Department of Justice said.

The UK intelligence services revealed how cyber attacks backed by North Korea are carrying out a global campaign to steal military and nuclear secrets.

The Andariel group has also targeted medical, energy and engineering sectors to bolster tyrant Kim Jong Un.

It has tried to get design drawings, project details and contract specifications.

It has also been singling out US healthcare companies to extort cash to fund yet more attacks.

And it has hit both the US and South Korea with ­espionage and ransomware assaults at the same time.

READ MORE SUN STORIES

The alarm was issued by the National Cyber Security Centre, part of GCHQ, as well as by US and South Korean spooks.

Kim Jong-un parades ‘hypersonic nukes that can hit US bases in minutes’

By Katie Davis, Chief Foreign Reporter

KIM Jong-un showcased his deadly hypersonic missiles that are feared to be able to strike US bases in minutes in 2019.

He vowed to build North Korea's nuclear arsenal at its "fastest pace".

The tyrant threatened to use his nuclear forces if provoked as he delivered a speed during a huge military parade that featured the state's most powerful weapons systems.

It comes as Pyongyang has stepped up weapons tests and displays of military power amid stalled denuclearisation talks with the United States and an incoming conservative administration in South Korea.

US and South Korean officials say there are signs of new construction at North Korea's only nuke test site - which has been officially shuttered since 2018.

Satellite images by Maxar from March appeared to show repair work happening at the Punggye-ri site, which may suggest Pyongyang could be preparing to resume testing nuclear weapons. 

"The nuclear forces of our Republic should be fully prepared to fulfil their responsible mission and put their unique deterrent in motion at any time," Kim told the parade, according to state news agency KCNA.

Kim is seeking to forge close ties with Russia and Iran
4
Kim is seeking to forge close ties with Russia and Iran

Topics