Treasury watchdog warns UK firms over cyber risk from North Korean IT freelancers


The government body that clamps down on funding for terror and hostile states has published a formal alert claiming that representatives deployed by the DPRK are embedded in UK Plc.

A government watchdog has warned that UK companies are being targeted by IT specialists deployed by the North Korean government to pose as remote freelance workers.

The Office of Financial Sanctions Implementation (OFSI) – a unit of HM Treasury with a remit to root out and prevent funding for terrorism and hostile states – has issued an advisory notice flagging that “it is almost certain that UK firms are currently being targeted by Democratic People’s Republic of Korea IT workers disguised as freelance third-country IT workers to generate revenue” for the North Korean regime.

Beyond the revenue these workers generate for the Pyongyang administration, OFSI also warns UK Plc that “DPRK IT workers may gain privileged access to sensitive or critical company information, [and] there is a realistic possibility that this could result in this information being compromised or misused by other malign DPRK cyber actors”.

Shortly after the warning was issued, the Home Office’s security minister Dan Jarvis indicated that, in the coming weeks and months, the rest of government will work with the funding watchdog to help monitor and tackle this Korean threat.

“OFSI continues to work with wider government and international partners to track the deployment of DPRK IT workers abroad and map the development and evolution of this threat of proliferation financing in light of increased industry awareness,” he said, in answer to a written parliamentary question from fellow Labour MP Anneliese Dodds.

Jarvis added: “OFSI will take robust, proportionate action in response to breaches of financial sanctions. In the most serious cases, we will not hesitate to impose civil monetary penalties or refer cases for criminal investigation where appropriate.”

The sectors most at risk from the North Korean threat include IT and professional services, as well as the electronic payments and cryptocurrency industries, according to OFSI.




The Treasury body’s recent guidance states that, having been sent out by the North Korean government “to fraudulently gain employment with companies in the UK, US and elsewhere”, IT experts most often operate from Russia or China – but some are based in other parts of Asia, as well as locations in Africa and Latin America.

Offering “skills in areas including… software development, IT support, graphic design, and animation”, the freelancers use technologies such as virtual private networks to mislead employers about their location.

The financial watchdog notes that these specialists “can earn substantial amounts, often by maintaining multiple long term and full-time positions while simultaneously conducting freelance work”.

“Revenue funds obtained by DPRK IT workers are used to purchase UN-prohibited goods and military equipment,” the advisory notice says. “This revenue also contributes to the DPRK’s illicit WMD (weapons of mass destruction) and missile programmes. Proliferation financing of this kind more broadly threatens the stability of the UK and global financial system and poses a clear international security risk.”

To mitigate the risk of unwittingly hiring a North Korean operative, UK companies are advised to use only the most reputable freelance platforms and communicate only via the channels provided within these sites.

Companies should also conduct video interviews and cross-check the information of potential hires across different places, including professional platforms, payment tools, and social networks.

Sites connecting freelancers with jobs should also perform extra checks – particularly on new accounts – including verification via video.

Electronic payment service providers, meanwhile, should also exercise extra scrutiny, and look out for “frequent transfers of funds to or from China-based bank accounts… funds routed through one or more companies to disguise their ultimate destination… [and] customers that share the same device for multiple accounts”.

Sam Trendall
