Geopolitical Monitoring Report | December 9, 2022

North Korea

South Korean Officials Warn that North Korea is Using Undercover Remote Freelance Workers to Fund its Missile Program

Background:

South Korean officials have issued a warning that North Korea has been funding its illegal ballistic missile programs by hiring out its citizens with software development skills as  freelance remote workers under assumed names and fake/stolen identity documents to work for companies in North America, Europe, and East Asia.

The vast majority of these workers have direct connections to sanctioned entities involved with North Korea’s defense industry. These workers have been targeting freelance jobs in industries ranging from cryptocurrency to video game development and send most of the money earned back to North Korea, providing the Kim Regime with hard currency to fund its weapons programs.

Pyongyang has launched a record number of ballistic missiles this year and this has led to additional economic sanctions being levied on the country by the US and its allies. These launches were likely funded in part by these sorts of activities. 

Impact:

The South Korean government’s advisory noted that employing these North Korean freelance workers could subject companies to legal risks in South Korea and violate UN Security Council resolutions. In addition, companies that inadvertently employ these North Korean freelance workers would also find themselves subjected to EU, UK, and US sanctions on North Korea; especially financial sanctions that apply beyond the borders of those countries and entities.

This risk seems only likely to increase in the future, as there are clear indications that North Korea is almost certainly preparing to conduct its first nuclear test since 2017. Another nuclear test by the Kim regime is likely to result in another round of sanctions on North Korea, which would naturally increase its reliance on unconventional schemes like this to raise funds to pay for ballistic missile and nuclear testing programs. The widespread publication of this activity may also result in other sanctioned regimes in countries that have a large number of tech workers to engage in similar activities and encourage companies located there to engage in this practice. 

Mitigation:

The South Korean government’s warning stated that individuals who request a text or call-only interview should be treated with extreme suspicion, as this is a common technique used by North Korean workers trying to gain freelance employment.

Companies that are hiring freelancers or remote employees from overseas should also ensure they have conducted significant due diligence on these employees and their former employers to ensure that they are not inadvertently funding sanctioned entities before making their hiring decision. This practice should also be implemented by any contractors your organization uses due to the potential reputational and sanctions risks that you could face for being connected to this type of scheme.

Finally, rogue regimes like North Korea are experts at leveraging unconventional money-making schemes to address the hard currency shortages that they face due to sanctions. Companies and organizations should ensure they have quality third-party intelligence capabilities that are able to mitigate these types of threats.

About Nisos®

Nisos is The Managed Intelligence Company®. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.