Are North Korean Remote IT Workers Targeting Crypto Firms?  Here’s what we know


According to the US government, North Korean IT workers are flooding the free market. It’s illegal for American companies to hire them, but what if they have no idea they’re doing it? In this new telecommuting world we live in, it’s totally possible. North Korean workers are targeting all kinds of technology-focused businesses, but of course, CNN’s report on the topic focused on cryptocurrency firms.

“It’s an elaborate money-making scheme that relies on fake companies, contractors and deception to prey on a volatile industry that’s always on the hunt for top talent. North Korean tech workers can earn more than $300,000 a year—hundreds of times the average income of a North Korean citizen—and up to 90 percent of their wages go to the regime, according to a U.S. advisory.”

In contrast, this is what the US government actually announced:

“The DPRK is sending thousands of highly skilled IT workers around the world to generate revenue that contributes to its weapons of mass destruction (WMD) and ballistic missile programs, in violation of US and UN sanctions. These IT workers are taking advantage of existing demands for specific IT skills, such as software and mobile application development, to win freelance contracts from clients around the world, including North America, Europe and East Asia.”

It’s worth noting that the document doesn’t mention “crypto” or “bitcoin,” but let’s read what the mainstream media has to say.

How Does CNN Connect North Korean IT Workers to Cryptocurrency?

The plan is simple: connect this new development with the numerous cryptocurrency-related hacks that NewsBTC reported in a timely manner:

“Hackers backed by the North Korean government have stolen billions of dollars in recent years by breaking into cryptocurrency exchanges, according to the United Nations. In some cases, they’ve netted hundreds of millions of dollars in a single heist, according to the FBI and private investigators.”

To establish authority, CNN also quotes individuals connected to the US government, such as “Soo Kim, a former North Korean analyst at the CIA.” She said: “(North Koreans) take this very seriously. It’s not just some rando in his basement trying to mine cryptocurrency, it’s a way of life.” However, is she talking about hackers or job hunters? “Although the craft is not perfect right now, in terms of how they approach foreigners and attack their vulnerabilities, it’s still a fresh market for North Korea,” she said later, apparently referring to job hunters.

Another authority figure featured by CNN is “Fred Plan, the lead analyst at the cybersecurity firm Mandiant, which investigated suspected North Korean tech workers.” He says, “Most of these crypto firms and services are still far from the security posture we see in traditional banks and other financial institutions”. He’s right about that, but what does that have to do with freelancers looking for IT jobs?

ETH price chart for 07/12/2022 on FTX | Source: ETH/USD on

What about those hacks everyone keeps talking about?

The only authority figure linking IT workers to North Korean hackers is “Nick Carlsen, who until last year was an FBI intelligence analyst focused on North Korea”. What this man says might be the most important part of the article. “These guys know each other. Even if a particular IT worker isn’t a hacker, he absolutely knows one. Any vulnerability they could identify in the client’s systems would be at great risk.”

The CNN article stays as vague as possible about the hacks:

“Hackers linked to Pyongyang stole what was then the equivalent of $600 million in cryptocurrency from a Vietnam-based video game company in March, according to the FBI. And North Korean hackers are likely behind a $100 million heist at a California-based cryptocurrency firm, according to blockchain analysis firm Elliptic.”

Fortunately for you, NewsBTC is here to help.

What does NewsBTC know about North Korean hackers?

The first item seems to refer to the Axie Infinity/Ronin hack. We reported on this:

“Alphabet Agency has traced funds to wallets linked to the North Korean hacking group Lazarus. Does The Block’s article add to or refute this version of the story? It’s hard to see the North Koreans pulling off a stunt like this.”

In any case, at the time the FBI was extremely clear in its statement quoted here:

“Through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors linked to the DPRK, were responsible for the theft of $620 million in Ethereum reported on March 29.”

If the story about remote IT workers is true, we were wrong when we said, “It’s hard to see the North Koreans pull this stunt.” The second item seems to refer to the Harmony hack, and to describe it we will quote our sister site Bitcoinist, which reported:

“The United States government believes that Lazarus was acting on behalf of North Korea’s secret intelligence service. Elliptic, a blockchain analytics company, revealed in a report that: ‘The theft was achieved by compromising the cryptographic keys of a multi-signature wallet – most likely via a social engineering attack on members of the Harmony team. The Lazarus group routinely uses such methods.’”

And that’s what we know so far. Are North Korean IT workers connected to hackers? Probably so, but the US government didn’t even mention cryptocurrencies or bitcoin in their “Guidelines for Information Technology Workers in the Democratic People’s Republic of Korea.”
