FBI Warns of North Korean Social Engineering Tactics and Recruitment/Hiring of IT Workers

The U.S. Federal Bureau of Investigation (FBI) and South Korea’s Ministry of Foreign Affairs have issued an advisory offering guidance to “the international community, the private sector, and the public to better understand and guard against the inadvertent recruitment, hiring, and facilitation” of North Korean IT workers.

The advisory explains that “the hiring or supporting of DPRK IT workers continues to pose many risks, ranging from theft of intellectual property, data, and funds, to reputational harm and legal consequences, including sanctions under U.S., ROK, and United Nations (UN) authorities.” North Korean government operatives frequently use social engineering to conduct cyber espionage and financial theft.

The advisory outlines 10 important red flags associated with potential North Korean IT workers:

1. “Unwillingness or inability to appear on camera, conduct video interviews or video meetings; inconsistencies when they do appear on camera, such as time, location, or appearance."
2. “Undue concern about requirements of a drug test or in person meetings and having the inability to do so."
3. “Indications of cheating on coding tests or when answering employment questionnaires and interview questions. These can include excessive pausing, stalling, and eye scanning movements indicating reading, and giving incorrect yet plausible-sounding answers."
4. “Social media and other online profiles that do not match the hired individuals provided resume, multiple online profiles for the same identity with different pictures, or online profiles with no picture."
5. “Home address for provision of laptops or other company materials is a freight forwarding address or rapidly changes upon hiring."
6. “Education on resume is listed as universities in China, Japan, Singapore, Malaysia, or other Asian countries with employment almost exclusively in the United States, the Republic of Korea, and Canada."
7. “Repeated requests for prepayment; anger or aggression when the request is denied."
8. “Threats to release proprietary source codes if additional payments are not made."
9. “Account issues at various providers, change of accounts, and requests to use other freelancer companies or different payment methods."
10. “Language preferences are in Korean but the individual claims to be from a non-Korean speaking country or region.”

Share this with your HR Team.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

The FBI has the story.