Last week, the U.K.’s Office of Financial Sanctions Implementation (OFSI) issued an advisory urging companies to strengthen their security to avoid unintentionally hiring North Korean information technology (IT) workers. The guidance noted that North Korean citizens are disguising themselves as freelance third-country IT workers to get jobs with firms in the U.K. and elsewhere. It includes numerous red flags, typologies, and mitigation measures. OFSI’s call echoes previous warnings from U.S. and South Korean authorities, which issued similar notices in 2022 and 2023.
According to OFSI, groups of North Korean IT workers operate on behalf of their country’s government to generate revenue. Under the U.K.’s sanctions framework on North Korea (formally known as the Democratic People’s Republic of Korea, or DPRK), individuals or entities that employ North Korean IT workers could be violating financial sanctions and may face civil or criminal enforcement action. These requirements mirror a United Nations (U.N.) obligation for all member states not to transfer any money or economic resources to individuals or entities operating under the direction of the North Korean regime. The concern is that these funds may be used to support the country’s weapons of mass destruction and missile programs.
The North Korean workers primarily seek jobs in software development, IT support, graphic design, and animation, according to the advisory. They typically operate from Russia, China, or other parts of Asia, Africa, and Latin America. The main affected sectors in the U.K. include information technology, electronic money institutions (EMIs), money service businesses (MSBs), professional services, and the cryptocurrency industry.
Identifying and Mitigating Risk
Some key red flags from OFSI to help companies recognize and address potential vulnerabilities include:
- Inconsistent or changing spelling of name, nationality, location, contact information, and online presence.
- Failure to complete project tasks.
- Refusal to appear on camera or to take part in video interviews or meetings.
- An initial offer to provide free services to earn trust, followed by a request for long-term contracts.
- Advertising IT services on online job-seeking platforms or marketplaces.
- Use of an intermediary talent acquisition firm.
- Requesting hardware be sent to an address not listed on the IT worker’s ID documentation.
- Requesting to be paid in an account using someone else’s name.
OFSI encourages firms to conduct enhanced due diligence when more than one of those red flags is present and asks them to report any suspicion that they are being targeted. Additionally, the U.K. sanctions enforcement body provides a list of measures that firms can implement to reduce the risk of hiring North Korean IT workers. They include:
- Using reputable online freelance platforms that offer robust verification measures for IT workers.
- Conducting video interviews.
- Ensuring that an IT worker’s information is consistent across profiles, including social media, freelance platforms, external websites, and payment platforms.
- Verifying that an IT worker’s location and working hours are consistent.
- Conducting preemployment verification checks.
- Requiring freelancers to disable commercial VPNs when accessing company networks.
- Exercising extra caution when interacting with freelance developers through remote collaboration applications.
- Avoiding payments in cryptocurrency.
Over the past decade, North Korea has increasingly turned to cryptocurrency in an effort to avoid the traditional financial system, where transactions linked to the country are likely to be blocked. In its most recent report, the U.N. Panel of Experts on North Korea indicated that it was investigating 58 suspected cyberattacks by North Korea-related agents between 2017 and 2023 targeting approximately $3 billion worth of cryptocurrency, and reported an estimate that 40% to 50% of North Korea’s weapons of mass destruction program is funded by illicit cyber means. The panel was dissolved after Russia vetoed the renewal of its mandate in March. Since then, Kim Jong-un has called for an expansion of the country’s nuclear arsenal, and North Korean media published images of him visiting an undeclared uranium enrichment facility last week.