Governments, tech companies meet in Tokyo to share tips on fighting North Korea IT worker scheme

Multiple governments and companies held a forum in Tokyo on Tuesday to discuss ways of combating a years-long campaign by North Korea to have its citizens illicitly hired in information technology roles. 

The U.S. State Department said it worked with the Ministries of Foreign Affairs in Japan and South Korea to organize the forum, which had more than 130 attendees from freelance work platforms, payment service providers, cryptocurrency companies, AI firms and more. 

The U.S. State Department said the event was designed to be a forum where stakeholders could share information on how to collectively defend against the scheme. Multiple Japanese and South Korean companies — particularly in the cryptocurrency industry — have lost millions after mistakenly hiring North Korean IT workers. 

The three countries have worked together on stopping the scheme since 2022 and previously said in January that North Korea’s notorious Lazarus Group hackers “continue to demonstrate a pattern of malicious behavior in cyberspace by conducting numerous cybercrime campaigns to steal cryptocurrency and targeting exchanges, digital asset custodians, and individual users.”

In addition to the more than $500 million taken from DMM Bitcoin and WazirX, another $116 million was taken in North Korean attacks on crypto platforms Upbit, Rain Management and Radiant Capital. 

North Korea’s government has been able to secure hundreds of millions of dollars for its weapons of mass destruction and ballistic missile programs through the scheme – which sees North Korean citizens based in China, Russia or Southeast Asia use stolen U.S. or European IDs to get employed and earn high-paying salaries at Western companies. 

Hundreds of workers have obtained employment, with many handling multiple jobs at once at high-profile Fortune 500 companies. 

While several companies have said the IT work was done competently in some instances, U.S. officials have warned of a range of potential issues — including the exposure of sensitive data, reputational harm, legal consequences and future attacks by North Korean hackers who now have a roadmap to a company’s signature assets. 

Last month, Three senior North Korean officials involved in IT schemes were sanctioned by the U.S. Treasury Department and an Arizona woman was sentenced to eight years in prison for her role in running U.S.-based laptop farms that made it look like North Koreans were working from the U.S.