North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency, and defence data, spy chief warns

3 December 2024, 08:53

The NCSC also believes that UK firms are almost certainly being targeted by workers from North Korea "disguised as freelance third-country IT staff to generate revenue for the DPRK regime".
The NCSC also believes that UK firms are almost certainly being targeted by workers from North Korea "disguised as freelance third-country IT staff to generate revenue for the DPRK regime". Picture: Alamy
EJ Ward

By EJ Ward

The National Cyber Security Centre (NCSC) has issued a stark warning to UK businesses about the covert activities of North Korean workers posing as freelance IT professionals.

Listen to this article

Loading audio...

These operatives, disguised as contractors from third countries, are reportedly exploiting remote working opportunities to infiltrate companies, generate revenue for the North Korean regime, and, in some cases, compromise corporate security.

In his first major speech, Richard Horne, head of GCHQ's National Cyber Security Centre (NCSC), will say North Korean hackers were targeting cryptocurrency to raise revenue and attempting to steal defence data to improve Pyongyang's internal security and military capabilities.

The NCSC also believes that UK firms are almost certainly being targeted by workers from North Korea "disguised as freelance third-country IT staff to generate revenue for the DPRK regime".

The NCSC’s alert highlights a sophisticated strategy by the Democratic People’s Republic of Korea (DPRK) to evade international sanctions. By embedding IT workers under false identities in Western firms, the regime not only garners much-needed funds but also gains potential access to sensitive data.

This development is an escalation in the tactics employed by North Korea to bolster its economy and support its controversial military programmes.

Read more:UK must confront Russia's 'aggression and recklessness' and China’s sophisticated cyber threats, warns GCHQ chief

Read more: North Korea deepens alliance with Russia, trading troop support for advanced weapons technology to fuel nuclear programme

Cyber researchers at Mandiant uncovered this fake IT worker profile
Cyber researchers at Mandiant uncovered this fake IT worker profile. Picture: Mandiant

In a briefing, HM Treasury’s Office of Financial Sanctions Implementation (OFSI) underscored the seriousness of the issue. It is "almost certain" that UK companies are being targeted by these operatives, who use online freelance platforms to secure roles.

Often working through witting or unwitting enablers, these individuals obscure their true origins with fake credentials, aliases, and proxies.

Funds earned from these contracts are funnelled through complex laundering networks, sometimes involving cryptocurrencies, to evade detection.

The Treasury’s warning also emphasised the legal risks for UK firms. Employing or paying DPRK-linked workers could inadvertently breach financial sanctions, exposing businesses to civil penalties or even criminal charges.

While the primary motive has been financial, recent cases indicate a troubling shift. North Korean operatives have begun leveraging their access to launch cyberattacks.

In one high-profile incident, a UK-based firm unknowingly hired a North Korean contractor who later exfiltrated sensitive company data and issued a six-figure ransom demand in cryptocurrency.

“This is a serious escalation,” said Rafe Pilling, Director of Threat Intelligence at Secureworks. "No longer are they just after a steady pay check, they are looking for higher sums, more quickly, through data theft and extortion, from inside the company defences."

The arm of GCHQ warns North Korean hackers were targeting cryptocurrency to raise revenue and attempting to steal defence data to improve Pyongyang's internal security and military capabilities.
The arm of GCHQ warns North Korean hackers were targeting cryptocurrency to raise revenue and attempting to steal defence data to improve Pyongyang's internal security and military capabilities. Picture: Alamy

The activities of these IT workers are part of a broader strategy by North Korea to raise funds and enhance its cyber capabilities. The regime’s hacking groups, such as the notorious Lazarus Group, have already been implicated in high-profile cybercrimes, including cryptocurrency thefts and attempts to steal defence secrets.

The NCSC also flagged Iran’s developing cyber capabilities as a growing concern, though North Korea’s activities remain a primary focus due to their link to weapons proliferation and military advancements.

This issue is not isolated to the UK. Authorities in the US and South Korea have also reported similar infiltration attempts, with some Fortune 100 companies unwittingly hiring North Korean operatives.

More Latest News

See more More Latest News

Breaking
Breaking News

Judge dismisses Justin Baldoni's $400m defamation lawsuit against former co-star Blake Lively

Kulsuma Akter

'Violent and controlling' husband stabbed wife to death after tracing her to hostel 'where she'd gone to escape him'

Author Frederick Forsyth has died aged 86.

Frederick Forsyth, author of bestselling novel Day of the Jackal dies aged 86

Peter Brookes (L) stabbed Graeme Perks in Nottinghamshire in 2021 during a failed arson attack

Plastic surgeon jailed for life after trying to murder fellow surgeon in stabbing during failed arson attack

Locals have enjoyed some good times in Surbiton

Residents react after town named among 'UK's most boring'

The six-day event in Appleby-in-Westmorland, Cumbria, concluded on Sunday and saw its fair share of chaos, with multiple arrests and a fire breaking out on Saturday afternoon

Tents, burnt-out caravans and 123 arrests: Appleby Horse Fair ends in rubbish and chaos

The pop star, 37, opened up to fans on Instagram about her battle with the illness after she revealed earlier this month that she had been diagnosed with early stage breast cancer

Jessie J opens up about 'worst day so far' amid breast cancer battle: 'Panic, fear, tears – then corn on the cob'

Plans to let people be ‘cremated’ in boiling water could be given the go-ahead

‘Boil in the bag’ funerals could be given go-ahead as review launched

The payment is made in one lump sum to those who are eligible

How to claim winter fuel allowance after Labour U-turn

Hundreds of subpostmasters were wrongly accused of stealing from the Post Office.

More than £1 billion in compensation paid to over 7,000 victims of Horizon IT scandal, government says

Andy Murray on Centre Court, which has been renamed Andy Murray Arena, on day one of the HSBC Championships at The Queen's Club

Andy Murray apologises for ‘diabolical’ state of his tennis at Queen’s ceremony

The samurai sword killer of a 14-year-old boy is a ‘flat Earther’ and conspiracy theorist who was a fan of Elon Musk, the Old Bailey heard.

Samurai sword killer of boy, 14, ‘was ‘flat Earth’ conspiracy theorist and fan of Elon Musk’

Formal identification has yet to take place however the family of missing man Cole Cooper, 19, has been informed.

'Devastated' family of missing teen Cole Cooper left with 'unanswered questions' after police recover body

Poland scrambled fighter jets around 2am on Monday morning in response.

NATO jets scramble after Russia launches strike on Ukraine

Marcus Fakana has been sentenced to one year in jail - he has now pleaded to Sheikh Mohammed Al Maktoum to pardon him

British teenager jailed in Dubai over 'holiday romance' with girl, 17, pleads with Sheikh ruler for his release

A 14-year-old boy who was stabbed to death in Manchester has been named locally as Ibrahima Seck

Pictured: Boy, 14, killed in 'horrific' stabbing in Manchester - as two teenagers arrested on suspicion of murder