North Korea’s Job Scam: IT Specialists Fabricate Identities to Work for Western Firms
North Korean IT specialists have orchestrated an extensive fraudulent operation to secure employment in leading Western technology companies. This campaign involves the creation of fictitious names and LinkedIn profiles, the forgery of employment documents, and scripted interview scenarios. These actions are part of Pyongyang’s efforts to get its workers employed abroad in order to bring in foreign currency to finance North Korea’s nuclear and missile programs.
These strategies were revealed in documents and interviews with former North Korean IT specialists and cybersecurity researchers. Notably, there has been a surge in the number of IT specialists sent abroad over the past four years, as part of Pyongyang’s efforts to increase foreign currency revenue.
Palo Alto Networks discovered a cache of documents on the internet illustrating how North Korean software developers prepared for interviews, including tips on describing a “good corporate culture,” and how forged documents were used in the hiring process.
Data collected from darknet leaks also revealed an account on a website selling digital templates for creating realistic-looking fake identity documents, including American driver’s licenses, visas, and passports.
During the investigation, it was also discovered that North Korean employees use fake resumes and online profiles to apply for software development jobs. The specialists convinced firms in countries such as Chile, New Zealand, the USA, Uzbekistan, and the UAE to hire them.
An example is the story of “Richard,” a former senior embedded software developer, who used a fake profile to find employment in the USA, offering to start remotely and transition to onsite work later. Richard reported that North Korean employees created 20 to 50 fake profiles annually until they secured employment in foreign companies.
Data leaks also revealed further tools and methods used to deceive firms into hiring North Korean workers. The data demonstrate the intensity and cunning of the North Korean authorities’ efforts in organizing such a scheme, which has become vital for the country’s budget.
Remote IT workers can earn significantly more than North Korean workers abroad in other sectors. According to the U.S. Department of Justice, North Korean developers working in American companies, hiding behind fake social media accounts, can earn over $3 million a year on behalf of North Korean organizations under sanctions. Richard estimates that about 3,000 employees are based abroad, with another 1,000 in North Korea.
A former IT worker estimated that each specialist is obliged to earn at least $100,000 a year, of which 30-40% is sent back to Pyongyang, 30-60% covers overhead costs, and 10-30% is kept by the employees. Reuters was unable to determine the total amount earned by this scheme over the years.
The investigation highlights risks for the USA and other countries associated with the infiltration of North Korean specialists into their technology companies. Analysts have identified a deep level of preparation by North Korean IT specialists, underscoring the need for enhanced security measures and vetting in the hiring process in the technology sector.