North Korea Attempts to Secure Orders from Our Companies
ID Forgery... Phone Interviews Instead of Video Calls
Games, SNS, Blockchain... "Diverse Infiltration Fields"
[Asia Economy Reporter Jang Hee-jun] #. A small and medium-sized enterprise placed an order for programming work on an online platform. After being contacted by a programmer and reviewing their profile, the account rating and cumulative work hours reached several thousand hours. The cost proposed by the veteran was also affordable, perfectly fitting the tight budget. Although it was uneasy that the video interview was refused and replaced by chat, the contract was signed trusting that real-name verification and phone authentication had been completed. However, the individual turned out to be an agent affiliated with North Korea's Military Industry Department.
Government: "North Korea Attempts to Secure Work Orders from Our Companies"
North Korean Cyber Attacks
The above case is a fictional story reconstructed based on characteristics included in the joint advisory on North Korean IT personnel announced by the government on the 8th.
According to the government, North Korean IT personnel reside overseas in Russia, Asia, Africa, and other regions, earning hundreds of millions of dollars annually through illegal cyber activities. The government assesses that a significant portion of these funds is used to finance North Korea's nuclear and missile development.
In particular, most of the North Korean personnel operating abroad belong to organizations sanctioned by the UN Security Council, such as the Military Industry Department and the Ministry of Defense. Therefore, when attempting to enter countries, they reportedly evade sanctions by using student visas or other types instead of work visas.
The Ministry of Foreign Affairs, National Intelligence Service, Ministry of Science and ICT, Ministry of Unification, Ministry of Employment and Labor, National Police Agency, and Fair Trade Commission jointly issued this advisory, urging domestic companies to be cautious not to employ North Korean IT personnel who disguise their nationality and identity.
In fact, a proactive inspection of identity verification procedures on job platforms confirmed that North Korean IT personnel can secure work orders from Korean companies while disguising their identities.
A Ministry of Foreign Affairs official told reporters on the day, "We have identified cases where (identities) were forged to secure work orders targeting our companies." However, specific cases, timing, and numbers of attempts were not disclosed, and it is known that no Korean company has actually employed North Korean personnel hiding their identities.
Forgery of Identification is Basic, Inducing Phone Interviews Instead of Video
Ingonggi
The methods these workers use to disguise their identities are diverse. A representative method is forging identification cards by illegally collecting foreigners' driver's licenses or ID cards and replacing only the photo using Photoshop. When real-name verification is required, they resolve the process by using phone number authentication proxy sites, and it has been revealed that they sometimes borrow entire foreigner accounts on job platforms to operate.
Notably, they avoid video interviews that reveal their faces and prefer to conduct interviews via online chat or phone. When companies request video interviews to solve tasks, they induce phone interviews by claiming communication issues or technical problems prevent audio from working.
When video interviews are absolutely necessary, they sometimes show the face of an account proxy instead, or the North Korean personnel remotely access the proxy's computer to demonstrate programming on their behalf.
Additionally, a government official explained, "Accounts that log in from various IP addresses within a short time or remain connected in real-time all day should be suspected. Especially accounts with cumulative work hours exceeding several thousand or excessively high ratings require verification."
"Considerable Technical Level"... From Games and SNS to Blockchain
The fields of work orders North Korean IT personnel secure through cyberspace are diverse. They are actively engaged in relatively familiar sectors such as business, health, games, and SNS. Furthermore, they are reported to be active in highly technical fields requiring advanced skills, including web and mobile application development, DApps (decentralized applications), smart contracts, and digital tokens across blockchain technology.
A Ministry of Foreign Affairs official told reporters, "They operate in a wide range of fields from low to very high technical levels, including software and app development as well as cutting-edge software areas," adding, "Their technical skills are quite high, and they are fluent in foreign languages."
The official mentioned several fields infiltrated by North Korean IT personnel but cautioned that they are expected to continue shifting fields in response to sanctions.
In particular, although they generally appear to perform legitimate software development work such as securing IT-related work orders from foreign companies, there are cases where they exploit vulnerabilities in smart contract codes to gain unfair profits. Therefore, the government advises domestic blockchain companies to be especially cautious not to employ North Korean IT personnel.
Government: "Providing Work to North Korean Personnel... Violates Laws and UN Security Council Sanctions"
Lee Jun-il, Head of the North Korea Nuclear Diplomacy Planning Division at the Ministry of Foreign Affairs, is giving a background briefing on the government joint alert regarding North Korean IT personnel at the Ministry of Foreign Affairs building in Doryeom-dong, Jongno-gu, Seoul, on the afternoon of the 8th. [Image source=Yonhap News]
When announcing the joint advisory, the government emphasized, "Ordering work from North Korean IT personnel and paying them damages corporate reputation and may also violate domestic laws such as the Inter-Korean Exchange and Cooperation Act or UN Security Council sanctions against North Korea," urging repeated caution.
A National Police Agency official warned, "(Providing or receiving services with North Korean personnel) constitutes a business under the Inter-Korean Exchange and Cooperation Act, so approval from the Minister of Unification is mandatory," adding, "Violations may result in imprisonment of up to three years or fines up to 30 million won." The official further explained, "Even if companies unknowingly provided work to North Korean IT personnel, they must report as soon as suspicion arises. There have been no punishments so far, but punishability applies from the point of recognition."
This government-wide advisory targeting North Korean IT personnel is the second in the world after the United States issued one in May.
The government expects this measure to contribute to blocking illegal foreign currency earnings in cyberspace used to finance North Korea's nuclear and missile development. It also plans to continue efforts to raise awareness about North Korean IT personnel and strengthen caution among IT companies through close cooperation with the international community.
Lee Jun-il, head of the North Korea Nuclear Diplomacy Planning Division at the Ministry of Foreign Affairs, stated, "The government is continuously cooperating closely with allies including the United States to block North Korea's illegal foreign currency earnings," adding, "We will work closely with the international community and make multifaceted efforts to block funding for North Korea's nuclear and missile development through illegal cyber activities."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
