North Korean programmers getting jobs in US by showcasing blockchain skills


Actors from North Korea fraudulently obtained remote employment from US companies by creating fake social media profiles and claiming to have highly sought-after technical skills and experience, investigators from threat intelligence firm Nisos have observed.

Nisos identified several IT workers suspected to be online personas used by the Democratic People’s Republic of Korea to leech funds and data from unwitting companies in the US.

“These personas claim to have experience developing web and mobile applications, knowledge of multiple programming languages, and an understanding of blockchain technology,” the report reads.

ADVERTISEMENT

In one example, Vu Minh Dao was proud of his experience in blockchain transactions, which he acquired during a tenure at Cyberbox: “I served as a Senior iOS Engineer (Sr.SE), bringing extensive experience in iOS app and smart contract development. In this role, I designed and developed 2 mobile apps (iOS & Android) and an integrated marketplace and Banking System, processing around 3.2M USD monthly with secure blockchain transactions.”

DPRK workers

The fraudster boasted of having experience in many programming languages, management of a dev team as CTO, and others.

Another persona, Alex Lu, was a blockchain and web3.hs developer, skilled in smart contracts.

North Korean actors

Employers also received resumes from Bruno Dao, who had many followers on LinkedIn and referred to himself as an iOS and Blockchain developer on his GitHub profile. He talked about remote working, and his profile remained active for a short period before being flagged and disabled.

North Korean actors represent themselves as US-based teleworkers, but Nisos investigators found indications that they’re based abroad.

“Nisos assesses that the accounts were created solely for the purpose of acquiring employment. Investigators found instances of several accounts, associated with a persona, using the same picture but different names; other accounts lacked profile photos. Investigators also found that many of the accounts are only active for a short period of time before they are disabled,” the report reads.

ADVERTISEMENT

Some signals of fake personas include a lack of social media accounts, reused photos of the same individual, different locations associated with different accounts, profiles and resumes containing only minimal information, and other inconsistencies.

“Boasting expert-level skills in mobile and web-based applications as well as a number of programming languages, the personas also list significant remote work experience, which can be difficult to verify. The personas further obfuscate their identities by impersonating US-based individuals’ identities,” Nisos warns.

Hiring North Korean employees is a violation of US and United Nations (UN) sanctions.

On 16th May 2022, the US Department of State, Department of the Treasury, and the Federal Bureau of Investigation (FBI) warned of attempts by North Korean IT workers to obtain employment while posing as non-North Korean nationals.

According to the advisory, they earn money to support North Korean leader Kim Jong Un’s regime and are involved in funding the UN-prohibited Weapons of Mass Destruction and ballistic missile programs, as well as its advanced conventional weapons development and trade sectors.