North Korean Specialists “Rent” Foreign Identities to Work in Overseas Companies

North Korean IT specialists “rent” the identities of foreigners to work in foreign companies on their behalf, gathering data and earning money for the national budget.

This is stated in an investigation published by Fortune.

North Korea extensively uses its IT specialists to earn foreign currency abroad, working on popular job search platforms like LinkedIn, Fiverr, and Upwork. To work on such platforms or to be hired by a foreign company, a worker must go through a verification process, so North Korean engineers often involve foreign accomplices as fake employees.

Cybersecurity specialist Aidan Raine posed as such an accomplice, agreeing to collaborate with North Korean workers to uncover the details of a scheme that, according to the U.S. government, brought North Korea hundreds of millions of dollars.

A Team Under One Identity

The plan was for North Korean partners to carry out most of the technical work using remote access tools, while Aidan would handle the public-facing part — attending meetings and negotiations where direct communication with the employer was required.

North Korean workers created a fake LinkedIn profile for their foreign accomplice and submitted job applications. They altered Aidan’s photo in such a way that it appeared different from other images of him online.

The persona was created by an experienced geographic information systems (GIS) developer. His work portfolio included, among other things, the successful development of an emergency services app that tracks the location of ambulances.

About four North Korean specialists, who communicated with Aidan under a single identity named “Ben,” were supposed to receive 70% of their salary in the form of cryptocurrency transfers or through PayPal or Payoneer.

“They are essentially doing all the work,” said Aidan Raine. “They tried to use my real identity to bypass the verification process; they wanted it to be very close to my actual identity.”

The “Ben” team even successfully conducted an interview with a private contractor for the U.S. government. They used remote access to the computer and typed responses to the employer’s questions in Notepad, which Aidan then read aloud. The company offered a full-time position with remote work options and a salary of $80,000 per year.

After this, Raine immediately stopped the experiment and terminated the agreement with the company, explaining that he could not accept the offer.

North Korean Freelancers

According to the U.S. Department of the Treasury, the North Korean IT specialists earn hundreds of millions of dollars for the regime each year through this method. Individual IT specialists can earn up to $300,000 annually by working remotely for international companies. Most of these funds bypass international sanctions through complex networks of shell companies.

Among the platforms most commonly used in these schemes, in addition to LinkedIn and Fiverr, are Upwork, Guru, and Freelancer. Popular professions include frontend and backend developers, software testers, and graphic designers.

The founder of the identity verification company Hypr notes that the aspect of social engineering has evolved, and North Korean engineers, along with other criminal groups mimicking this scheme, use public information and AI to refine their tactics.

Militarnyi previously reported that North Korean hackers had stolen classified critical data about the K2 Black Panther main battle tank, as well as about Baekdu and Geumgang reconnaissance aircraft from South Korea.