North Korean IT Worker Uses 12 Fake Identities; Europe Also on Alert

The Guardian, citing a Google report on April 20 (local time), reported that North Korean IT workers, one of the country's main sources of foreign currency, have turned to Europe, including the United Kingdom, as an alternative route after being blocked from employment in the United States. The report also suggested that in order to prevent such incidents, companies should raise hiring standards by conducting in-person or video interviews to preemptively mitigate risks.

In a recent report, Google disclosed that among the cases detected last year, a North Korean IT worker attempted to access the defense and government-related industries across the United States and Europe using more than 12 'fake identities.' After being recently dismissed, this individual even threatened to leak sensitive company information.

John Hultquist, chief analyst at Google’s Threat Analysis Group, told The Guardian in an interview, "North Korea has begun focusing on Europe, particularly the United Kingdom, after finding it increasingly difficult to use this tactic in the United States."

In the past, North Korean IT workers primarily targeted U.S. companies, and the proportion of U.S. targets remains significant. However, due to mounting pressure from U.S. sanctions and legal actions by the Department of Justice, North Korea is expanding its operations to other countries, including those in Europe.

For example, on January 23, the U.S. Department of Justice announced the indictment of five individuals: U.S. nationals Eric Prince and Emmanuel Asiter, North Korean nationals Jin Sungil and Park Jinsung, and Mexican national Pedro de los Reyes, on charges including conspiracy to defraud the U.S. government and money laundering. From April 2018 to August last year, they placed North Korean IT specialists in at least 64 U.S. companies, pocketing $866,255 (approximately 1.24 billion KRW).

To prevent such incidents, experts emphasize the need for in-person or video interviews. Hultquist pointed out that companies can prevent North Korean IT workers from securing jobs under false pretenses by conducting in-person or video interviews during the hiring process.

He stated, "HR departments at companies have little experience dealing with 'covert state adversaries,'" stressing that to properly conduct background checks, employers must verify the physical identity of job applicants. He added, "When asked to come to the office for an interview or to participate in a video interview, these (disguised employment) schemes usually fail."

Sarah Con, a North Korea expert at U.S. cybersecurity firm SecureWorks, said the threat of North Korean IT workers gaining employment under false pretenses is "more widespread than companies realize." She advised that UK companies can address this threat by thoroughly vetting applicants and educating HR departments about North Korea's employment disguise tactics. She added, "These (North Korean disguised workers) are usually placed in cramped workspaces with many other North Korean IT workers, which is why they are extremely reluctant to participate in video interviews."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.