lazarusholic

DPRK IT Workers threat in Open Source Organizations

2025-03-01, Ketman
https://ketman.org/dprk-it-workers-risks.html
#ITWorker

Ketman has been live for a month. The first report is here. However, this article isn't about that. It's about the risks that North Korean IT workers pose to remote-first open source organizations: the infiltration, and more specifically its consequences, and why you should care where a pull request originates from.
Am I a DPRK IT Worker Target?
Who they target more:
- Remote-first
- Open-source
- DAOs
- Grant-funded
- Easy KYC
- Crypto payrolls
- Early stage
- Protocol projects
- Freelance organizations
- Community-priority, tech-necessity

Who they target less:
- Hybrid/On-site
- Legal and cybersecurity teams on board
- Open-source, but with a dedicated code reviewer
- Hard KYC/AML/payroll mandatory
- Tech-first, community-second
- Late stage
- Infrastructure projects
- EDR and threat intelligence savvy

Ask yourself:
- Are you hiring remotely from the public hiring pool? (Remote-first)
- Are you accepting pull requests from unknown people? (Open source)
- Are you issuing bounties for independent work? (DAO-like)
- Are you paying in crypto? (Grant)
- Are you not always performing KYC on contributors? (Payroll)
- Are you running remote community events? …