South Korean authorities issue warning about disguised North Koreans getting IT jobs

South Korean authorities issued an interagency advisory Thursday warning companies about hiring North Korean IT workers who disguise their true nationality and use their wages to help fund the country’s sanctioned nuclear weapons program.

The advisory was published by several ministries, alongside South Korea’s National Police Agency and its National Intelligence Service, requesting “enhanced due diligence and more stringent identity verification process from domestic companies to avoid hiring or engaging in business contracts with [North Korean] IT workers who disguise their nationality and identities.”

It follows a similar alert in May issued by the FBI, Treasury Department and State Department to American companies looking to hire freelance workers.

Thursday’s advisory from the South Korean authorities warned that North Korean workers were located “all around the world, obfuscating their nationality and identities” while earning “hundreds of millions of dollars a year” by freelancing as developers.

The unusual diaspora was created as a result of sanctions imposed on North Korea in 2016 due to its nuclear missile tests, which led to a sharp decline in the country’s exports. With such a dramatic fall in income, the regime turned to using IT workers to contribute to funding its nuclear and ballistic missile program.

The South Korean government said it had preemptively reviewed the identity verification process used by several freelance work platforms, and “concluded that it is indeed possible for [North Korean] IT workers to obtain employment from domestic companies by obfuscating their identity.”

These workers “are presumed to be engaging in wide-ranging types of work, including the development of decentralized applications, smart contracts and digital tokens, as well as mobile and web-based applications that span a range of fields and sectors, including business, health and fitness, social networking, sports, entertainment, and lifestyle,” said the advisory.

“The vast majority” of the workers’ earnings were remitted back to North Korea to entities that have been sanctioned under UN Security Council resolutions, and then used to fund North Korea’s weapons research programs, said the advisory.

It added that “in some cases they are involved in malicious cyber activities, such as obtaining illicit gains by taking advantage of vulnerabilities in smart contract codes. Therefore, domestic blockchain companies must exercise extra caution so as to avoid employing [North Korean] workers,” it warned.

Last month, the Treasury Department reissued sanctions on the Tornado Cash cryptocurrency mixer service, accusing the platform of helping North Korean government hackers launder more than $455 million stolen in March 2022.

The U.S. has also previously accused North Korean hackers of being behind the headline-grabbing attack on Ronin Network, which saw almost $600 million in cryptocurrency stolen.