Are you a freelancer? North Korean spies may be using you
North Korean operatives are recruiting unwitting freelancers to use their verified identities and remote access to secure and execute remote tech jobs.Summary
North Korean IT operatives are evolving their strategy by recruiting freelancers, often targeting vulnerable, low-income individuals, to act as proxies for remote work. Recruiters contact job seekers on platforms like Upwork and GitHub, moving conversations to Telegram or Discord where they coach them to set up remote access software like AnyDesk.
The operatives use the victims' verified identities and local internet connections to bypass geographic and VPN flagging systems. The real identity owners often receive only a fraction of the pay, with the rest being funneled to the operatives via cryptocurrency or traditional bank accounts. While some recruits may be unaware victims, others appear complicit.
Cyber threat intelligence expert Heiner García noted that this model allows DPRK workers to secure jobs across various sectors, not just crypto, including architecture and design. Detection remains difficult because the visible account details—identity and IP address—appear legitimate, making accountability challenging until red flags like requests for remote access software are raised.
(Source:Cointelegraph)