While the US Justice Department is actively sniffing such threat actors out, firms elsewhere need to take preemptive action as well
On 23 Jan this year, two North Korean nationals and three US nationals made headlines when they were indicted for engineering a fraudulent scheme to obtain remote IT work with US firms and generate revenue for North Korea.
The US Justice Department runs an initiative, launched in March 2024, that “prioritizes the identification and shuttering of US-based ‘laptop farms’ (locations hosting laptops provided by victimized US firms to individuals they believed were legitimate US-based freelance IT workers) and the investigation and prosecution of individuals hosting them.”
According to the indictment, the defendants and their unindicted co-conspirators had, from approximately April 2018 through August 2024, obtained work from at least 64 US firms to generate revenue for North Korea. Payments from 10 of those firms had generated at least US$866,255 — most of which the defendants then laundered through a Chinese bank account.
North Korean IT workers have — according to Michael Barnhart, a principal analyst at Mandiant — been exploiting some firms that use virtual desktop infrastructure (VDI) for their remote employees instead of shipping them physical laptops. “While this is more cost-effective to the company, it’s easier for the threat actors to hide their malicious activity.”
Barnhart, who leads a threat hunting team for this type of cyber threat, noted that the increased pressure from US law enforcement and media coverage on North Korea’s elaborate profiteering scheme is impacting the success of their operations. However, “an unfortunate byproduct of law enforcement action is these threat actors are becoming noticeably more aggressive in their tactics… increasingly infiltrating larger organizations to steal sensitive data and follow through on their extortion threats against these enterprises…” and “…expanding their operations into Europe, as it’s easier to entrap citizens (there) who aren’t familiar with their ploy.”
Organizations in the region are advised to remain vigilant for IT workers who could be linked to North Korea and involved in schemes to obtain remote employment in order to generate funds for illicit purposes, according to Barnhart.