Facepalm: A massive army of IT workers has reportedly been mobilized by North Korean dictator Kim Jong-Un to infiltrate Western companies in what is believed to be one of the largest state-sponsored cyber crime syndicates in the world. The network reportedly relies on Western collaborators and uses open-source applications to carry out its illegal operations.
According to cybersecurity firms Flare Research and IBM X-Force, North Korea is using a network of more than 100,000 hackers, developers, and IT operatives to infiltrate global companies, steal people's private data, and funnel hundreds of millions of dollars to the Kim Jong-Un regime.
The report details how the rogue operatives use state-of-the-art infrastructure to manage their activities, which include recruiting global IT workers and hiring US- and Europe-based brokers who facilitate financial transfers and operate server firms that enable the scheme.
Many of the operatives do not even realize they are working for the North Korean government. According to the report, candidates often express "confusion rather than acceptance" when they're told they will have to adopt American names for their job, suggesting they have no idea they'd be working for Pyongyang under false American identities.
Fresh recruits are given detailed instructions on how to land jobs in Western companies. According to a document seen by the researchers, the workers are advised to address headhunters in these organizations by name in their applications, as that can apparently improve their chances of getting hired by 26%.
People with experience in WordPress, blockchain technologies, and Microsoft's .NET Framework are most in demand for these jobs. The operatives typically use custom North Korean software, such as NetKey VPN, as well as commercial VPN services, especially Astrill VPN, to obfuscate their IP addresses.
Other applications used by the operatives include decentralized open-source platforms, such as IP Messenger, to stay in contact with each other and their managers and handlers. Data obtained during the research also suggests the workers may sometimes use free proxy servers to connect to websites and services in the Western hemisphere.
The scheme reportedly generates around $500 million per year for the North Korean government, with most of it coming from global IT companies. In 2022, US government research indicated that some North Korea-based remote IT workers could be earning more than $300,000 from Western firms, with the vast majority being funneled to the regime.
The North Korean operatives have reportedly developed several ways to bypass traditional vetting processes, making them hard to identify. However, the researchers believe organizations can still keep them out of their workforce by getting to know their employees better and building a personal relationship with them from day one.
