Skip to main content
  • SHRM
  • Foundation
  • CEO Circle
  • SHRM Business
  • Linkage Logo
  • Store
  • Sign In
  • Account
    • Account
    • Logout
    • Global
    • India
    • MENA
Executive network
About
Apply Now
  • Membership
  • News & Insights
    News & Insights

    Christine Mixan
    People + Strategy Podcast

    The People + Strategy podcast features thought leaders in HR and insights from the world of work.

    • People + Strategy Journal

      People + Strategy is a quarterly journal that delivers the most current theory, research, and practice in strategic human resource management.

    • Research

      Unlock data, research, and expert thought leadership, accelerating your organization’s growth and success.

    • News

      Members of the SHRM Executive Network enjoy access to expert analysis of data from SHRM Research, commentary on current trends, and insights from recent EN events.

  • Networking & Events
    Networking & Events

    Executive Network Experience at SHRM25
    Executive Network Experience at SHRM25

    This private convening is designed to meet your professional business needs as an HR leader.

    • Visionaries Summit

      When you attend the two-day Visionaries Summit, you’ll leave with data-backed ideas and action plans to implement right away.

    • EN:Insights Forum

      The EN:Insights Forums bring together like-minded leaders to explore the latest research on the business strategies and trends that are driving innovation and organizational success.

    • EN:Assembly

      Your trusted circle of HR peers for thought leadership, collaboration, and support.

Close
  • Membership
  • News & Insights
    back
    News & Insights
    Christine Mixan
    People + Strategy Podcast

    The People + Strategy podcast features thought leaders in HR and insights from the world of work.

    • People + Strategy Journal

      People + Strategy is a quarterly journal that delivers the most current theory, research, and practice in strategic human resource management.

    • Research

      Unlock data, research, and expert thought leadership, accelerating your organization’s growth and success.

    • News

      Members of the SHRM Executive Network enjoy access to expert analysis of data from SHRM Research, commentary on current trends, and insights from recent EN events.

  • Networking & Events
    back
    Networking & Events
    Executive Network Experience at SHRM25
    Executive Network Experience at SHRM25

    This private convening is designed to meet your professional business needs as an HR leader.

    • Visionaries Summit

      When you attend the two-day Visionaries Summit, you’ll leave with data-backed ideas and action plans to implement right away.

    • EN:Insights Forum

      The EN:Insights Forums bring together like-minded leaders to explore the latest research on the business strategies and trends that are driving innovation and organizational success.

    • EN:Assembly

      Your trusted circle of HR peers for thought leadership, collaboration, and support.

About
Apply Now
  • Store
    • Global
    • India
    • MENA
  • SHRM
  • Foundation
  • CEO Circle
  • SHRM Business
  • Linkage Logo
Executive network
Sign In
  • Account
    • Account
    • Logout
Close

  1. Executive News & Insights
  2. Fraudulent IT Workers in North Korea May Pose a Cyberthreat to Your Business
Share
  • Linked In
  • Facebook
  • Twitter
  • Email

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus convallis sem tellus, vitae egestas felis vestibule ut.


Error message details.

Copy button
Reuse Permissions

Request permission to republish or redistribute SHRM content and materials.


Learn More
News

Fraudulent IT Workers in North Korea May Pose a Cyberthreat to Your Business

September 18, 2024 | Michael Barnhart

Image of hands typing on a laptop with error symbol over top.

The digital age has ushered in unprecedented opportunities for global collaboration and remote work, but it has also opened doors for a particularly insidious cyberthreat: fraudulent IT workers in North Korea. Trained and deployed by the regime, these individuals skillfully infiltrate legitimate companies under the guise of freelance or remote work, posing a significant risk to sensitive information, intellectual property, and financial assets. In addition, they fund the regime in various ways.

These cyberthreats can have a serious impact on your business. In one recent case, an IT worker scam uncovered by the FBI cost victim companies more than $500,000 associated with auditing and securing their devices, systems, and networks after the IT workers were discovered. That is on top of the hundreds of thousands of dollars paid to these fraudulent workers through their salaries. Guidance from the State Department, Treasury Department, and FBI show that, in some cases, these teams can collectively earn more than $3 million annually. 

Further complicating the threat landscape is the blending of these IT workers with North Korean Advanced Persistent Threat (APT) groups that are behind large cyberattacks, making the need for vigilance and proactive measures even more crucial for HR leaders, hiring managers, and executives alike.

Highly proficient in various IT disciplines, these workers expertly exploit the demand for remote talent. They can pose as freelancers from other countries, such as Vietnam, and recruit individuals in the host nation, such as the U.S., to facilitate operations, all while using a range of techniques to hide their true identities. IT workers can operate in any location using a VPN to mask their IP address. 

Once embedded within a company, APT operators can leverage their access for malicious purposes, ranging from data theft to cyberespionage. Their activities not only generate millions of dollars in revenue for the North Korean regime but also enable them to conduct sophisticated cyberattacks. Integrating IT workers with APT groups amplifies the potential damage; these groups are known for their targeted attacks and persistence.

Practical Advice to Strengthen Your Defenses

As an HR executive, it’s critical to do your part to protect your organization from cyberthreats. Here are five strategies to defend your company during the hiring process: 

  1. Enhance vetting processes: Implement stringent background checks and use reputable third-party services to help verify identities and uncover inconsistencies. Utilize Form I-9 and conduct thorough interviews, incorporating video calls and targeted questioning. Pay close attention to any discrepancies or hesitations, especially regarding previous employment and education.
  2. Evaluate freelance hires with extra precaution: Vet staffing firms thoroughly, avoid direct recruitment through online IT competitions, and research each individual candidate. Request documentation of background checks, verify financial information, and consider requiring notarized proof of identity. 
  3. Implement technical vigilance: Be on the lookout for technical red flags. IT teams should conduct traceroutes to detect unusual latency patterns, monitor for the use of specific VPN services, and verify phone numbers for Voice over Internet Protocol (VoIP) usage. These technical indicators can provide valuable clues about a candidate’s true location and intentions. Additionally, monitor network traffic for any suspicious activity indicating APT involvement.
  4. Scrutinize financial transactions: Require the use of banks within the host nation and closely monitor any involvement with foreign exchange services. Be wary of requests for prepayment or unusual payment methods. Implement strict financial controls and regularly review transactions for any anomalies that might suggest illicit activity.
  5. Educate and empower your team: Provide HR departments and hiring managers with comprehensive training on IT worker tactics, techniques, and procedures (TTPs), as well as the strategies employed by APT groups. Teach employees to spot potential threats, including inconsistencies in resumes, suspicious online behavior, and potential red flags during interviews. It is unknown if AI can spot these threats when scanning job candidates.

Recognizing the Red Flags

Here are a few common warning signs to look for when hiring:

  • Reluctance to appear on camera. An unwillingness to engage in video calls or interviews is a major warning sign. Insist on video communication whenever possible to establish a visual connection and verify identity.

  • Concerns about drug tests or in-person meetings. This apprehension could indicate a desire to avoid physical verification. Remote work is increasingly common, but be wary of candidates who consistently refuse to meet in person or undergo standard pre-employment procedures.

  • Suspicious behavior during coding tests and interviews. Watch for excessive pauses, eye movements that suggest reading from a script, and answers that sound plausible but are incorrect. These behaviors can indicate dishonesty or attempts to conceal a lack of genuine expertise.

  • Inconsistent online profiles. Discrepancies between online profiles and resumes, or a lack of an online presence altogether, can raise concerns. Conduct thorough online research to verify a candidate’s background and professional experience.

  • Rapid changes in home address. Frequent changes after hiring could suggest a lack of genuine ties to a location. Be cautious if a candidate’s address changes frequently or if they are unable to provide a stable physical address.

  • Education and employment inconsistencies. Education from certain universities in Asia combined with employment primarily in the U.S., South Korea, or Canada can be a warning sign. Scrutinize educational credentials and employment history for any inconsistencies or gaps.

  • Financial demands and language preferences. Be wary of repeated requests for prepayment or a preference for Korean while claiming to be from a region that does not speak the language. These can be indicators of potential fraudulent activity.

Staying Ahead of the Threat

The threat posed by fraudulent IT workers in North Korea, particularly when blended with APT operations, demands unwavering vigilance and a proactive approach to security. By implementing robust security measures, fostering a culture of awareness, and staying informed about the latest TTPs, you can significantly reduce your risk. 

Remember, protecting your company’s valuable assets requires a proactive and vigilant approach. If you prioritize security and remain informed, you can safeguard your business from this stealthy and sophisticated cyberthreat. 
 

Michael (Barni) Barnhart is the lead for all of Democratic People’s Republic of Korea operations within Mandiant. He’s spent 19 years as an intelligence professional, starting with human intelligence collection doing tactical raids, interrogations, and source operations with regular U.S. Army and Special Operations.

Recruiting
Risk Management
Talent Acquisition

Artificial Intelligence in the Workplace

​An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.



Related Content

Kelly Dobbs Bunting speaks onstage at SHRM24
(opens in a new tab)
News
Why AI+HI Is Essential to Compliance

HR must always include human intelligence and oversight of AI in decision-making in hiring and firing, a legal expert said at SHRM24. She added that HR can ensure compliance by meeting the strictest AI standards, which will be in Colorado’s upcoming AI law.

(opens in a new tab)
News
A 4-Day Workweek? AI-Fueled Efficiencies Could Make It Happen

The proliferation of artificial intelligence in the workplace, and the ensuing expected increase in productivity and efficiency, could help usher in the four-day workweek, some experts predict.

(opens in a new tab)
News
How One Company Uses Digital Tools to Boost Employee Well-Being

Learn how Marsh McLennan successfully boosts staff well-being with digital tools, improving productivity and work satisfaction for more than 20,000 employees.

HR Daily Newsletter

Stay up to date with the latest HR news, trends, and expert advice each business day.

Success title

Success caption

Manage Subscriptions
  • About SHRM
  • Careers at SHRM
  • Press Room
  • Contact SHRM
  • Book a SHRM Executive Speaker
  • Advertise with Us
  • Partner with Us
  • Copyright & Permissions
  • Post a Job
  • Find an HR Job
Follow Us
  • LinkedIn
  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • SHRM Newsletters
  • Ask An Advisor

© 2025 SHRM. All Rights Reserved

SHRM provides content as a service to its readers and members. It does not offer legal advice, and cannot guarantee the accuracy or suitability of its content for a particular purpose. Disclaimer


  1. Privacy Policy

  2. Terms of Use

  3. Accessibility

Join SHRM for Exclusive Access to Member Content

SHRM Members enjoy unlimited access to articles and exclusive member resources.

Already a member?
Free Article
Limit Reached

Get unlimited access to articles and member-exclusive resources.

You've reached the limit of 1 free article this month. Join to access unlimited articles and member-only resources.

Already a member?
Free Article
Exclusive Executive-Level Content

This content is for the SHRM Executive Network and Executive Content Subscription members only.

You've reached the limit of 1 free article this month. Join the Executive Network and enjoy unlimited content.

Already a member?
Free Article
Exclusive Executive-Level Content

This content is for the SHRM Executive Network and Executive Content Subscription members only.

You've reached the limit of 1 free article this month. Join and enjoy unlimited access to SHRM Executive Network Content.

Already a member?
Unlock Your Career with SHRM Membership

Please enjoy this free resource! Join SHRM for unlimited access to exclusive articles and tools.

Already a member?

Your membership is almost expired! Renew today for unlimited access to member content.

Renew now

Your membership has expired. Renew today for unlimited access to member content.

Renew Now

Your Executive Network membership is nearing its expiration. Renew now to maintain access.

Renew Now

Your membership has expired. Renew your Executive Network benefits today.

Renew Now