Unmasking the Elusive North Korean IT Workers: New Developments and Ongoing Challenges

Earlier, we had reported how North Koreans workers were channeling money from the United States to their home country for missile development. This led to a jump in the cybersecurity concerns surrounding the US and the world. One question that is bothering everyone is: How do they do it, and why is it so challenging to spot them?

Recent court documents have unveiled the elaborate methods they use to conceal their true identity and origin. This revelation sheds light on the importance of vigilance when hiring professionals online and serves as a cautionary tale for businesses looking to outsource IT work.

The Backstory

This story begins in August 2019 when the Federal Bureau of Investigations (FBI) interviewed an individual in the US who had an account on a global freelancing platform. This platform acts as a marketplace where businesses can find independent professionals for various tasks, including software development and IT-related work.

During the FBI’s interview, the person revealed an agreement with a second individual, allowing the latter to work through their freelancing platform account. To execute this arrangement, the interviewee purchased a laptop and maintained it connected to the internet at their home. This laptop was then used for remote access by the second individual, making the setup complex and harder to trace.

The Money Trail

Once the IT freelancing work was completed, payments were deposited into the account of the individual who owned the freelancing platform account. They received a commission for their services and then transferred the remaining money through an online payment account registered with a “126.com” email address, a popular Chinese email provider. The security question for this payment account was answered with “yinxing,” meaning “Silver Star” in Chinese.

The court documents connect all these accounts and workers to a company called Yanbian Silverstar Network Technology Co., Ltd. This company, based in Jilin, China, is known for its IT outsourcing work and has a North Korean CEO. The US government sanctioned it in 2018 and alleges that it has earned “millions of dollars” for North Korea.

Domain Names and Fake Companies

As part of the investigation, the FBI seized 17 domain names and approximately $1.5 million in payment accounts believed to be controlled by Yanbian Silverstar. These domains were used to create websites that impersonated legitimate businesses, fooling people into thinking they were dealing with reputable companies.

The Warning Signs

The US and South Korean governments have long been warning about the risks associated with hiring North Korean IT workers online who operate under false identities. One of the key takeaways from this case is the difficulty in detecting such deceptive practices. An updated advisory offers several red flags to watch out for when hiring online professionals, including a reluctance or inability to appear on camera for interviews.

In the intricate world of freelancing platforms and IT outsourcing, this case underscores the importance of due diligence and a cautious approach. The internet is a vast and intricate ecosystem, where shadowy dealings can sometimes go unnoticed. Protecting your business from such hidden risks requires staying informed and being vigilant when considering online hires.

As we continue to navigate the digital landscape, it’s a stark reminder that behind every online profile, there may be more than meets the eye. Staying aware and alert can help businesses avoid falling into the trap of unwittingly hiring individuals with hidden agendas, no matter where in the world they might be.



  1. William Bentick Avatar
    William Bentick

    This story highlights the ever-evolving challenges in cybersecurity. It’s a stark reminder of the importance of due diligence in online hiring and maintaining strong digital defenses

Join the Discussion

Discover more from Domain Magazine

Subscribe now to keep reading and get access to the full archive.

Continue reading

Verified by ExactMetrics