Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them
Contents
Executive Summary
Workers with allegiances to the Democratic People's Republic of Korea (DPRK) have been infiltrating organizations worldwide through a fraudulent remote work scheme. This operation not only violates international sanctions but also poses cybersecurity risks to unwitting employers.
Drawing on publicly available information, including recent U.S. Department of Justice reports, Unit 42 has developed a guide for network defenders. While no single technique alone will detect these operatives, we propose a multi-faceted strategy that combines enhanced IT asset management, contextual analysis and strengthened security awareness.
Key to our recommendations is the implementation of a risk matrix tailored to each organization's specific environment. This matrix helps identify red flags, including the use of stolen identities, unusual work patterns and suspicious shipping addresses. We also stress the importance of rigorous background checks and the need for organizations to share information about suspicious activities.
With these strategies, organizations can strengthen their ability to detect and mitigate …
Workers with allegiances to the Democratic People's Republic of Korea (DPRK) have been infiltrating organizations worldwide through a fraudulent remote work scheme. This operation not only violates international sanctions but also poses cybersecurity risks to unwitting employers.
Drawing on publicly available information, including recent U.S. Department of Justice reports, Unit 42 has developed a guide for network defenders. While no single technique alone will detect these operatives, we propose a multi-faceted strategy that combines enhanced IT asset management, contextual analysis and strengthened security awareness.
Key to our recommendations is the implementation of a risk matrix tailored to each organization's specific environment. This matrix helps identify red flags, including the use of stolen identities, unusual work patterns and suspicious shipping addresses. We also stress the importance of rigorous background checks and the need for organizations to share information about suspicious activities.
With these strategies, organizations can strengthen their ability to detect and mitigate …