a person in a hoodie sitting in front of a laptop
Share this @internewscast.com

BRITS could be helping North Korean spies pose as IT workers to infiltrate Western companies, an intelligence report has warned.

The fake IT workers are hired for fully remote jobs using stolen or fake identities to earn cash for Kim Jong-un’s regime.

a person in a hoodie sitting in front of a laptop
North Korean spies are posing as fake IT workers to infiltrate UK companiesCredit: Getty
Kim Jong-Un in Vladivostok.
The cash from the IT worker scams is being sent straight back to Kim Jong-un’s regimeCredit: Getty
a rocket is launched into the sky over the ocean
It is thought to be being used to fund North Korea’s evil military program

Once inside the North Korean fraudsters exploit the companies – stealing funds and information.

The scams have had a devastating impact on companies across the country and left them wondering just how North Korea pulled them off.

Now, an intelligence report has revealed that Brits could have been helping all along.

The latest findings from Google’s Threat Intelligence reveal that North Korean operatives employ “local facilitators” to assist them in securing employment and verifying their identities.

These intermediaries utilize remote desktop software enabling North Korean workers to access a company’s internal servers remotely, creating the illusion of being based within the country.

Google’s investigation uncovered that a laptop provided by a U.S. firm was operating out of London, raising concerns that British individuals might be entangled in this dubious network.

Principal i3 Insider Investigator at DTEX Systems, Michael Barnhart, told The Sun: “The London-based facilitator previously acted as the primary ‘farmer’ and enterprise representative in the operation, having established a front company in collaboration with another facilitator who was the main North Korean IT worker.”

Barnhart said that all evidence of the operation has now been removed.

This follows a wider trend across the US where American citizens have been accused of helping the fake IT workers remain undetected.

Matthew Knoot, 38, was arrested for allegedly helping North Korean workers in Nashville, Tennessee last year.

Kim Jong Un blows up the ground in North Korea as part of a building project

Knoot allegedly helped the workers use stolen identities to pose as US citizens and hosted company laptops at his home.

From there he ran a “laptop farm” – allowing the North Korean actors to log in to the computers from China.

Knoot is also believed to have helped launder money from the remote IT jobs to accounts tied to North Korean and Chinese actors.

United States Attorney Henry Leventis said at the time that Knoot helped funnel hundreds of thousands of dollars to the North Korean government through the scheme.

HOW DO THE SCAMS WORK?

The North Korean spies reportedly use stolen or fake identities to set up accounts on remote job sites – including LinkedIn, Upwork and Freelancer – to apply for work.

And to make sure they’re not detected they use “aliases, false or fraudulent personae and proxies,” according to the HM Treasury’s Office of Financial Sanctions Implementations.

Once they make it to interview stage, they often use AI-generated deepfakes to look and sound like the person they are claiming to be.

These AI deep-fakes are becoming increasingly easy to purchase, with a full identity complete with an ID doc and proof of address available from as little as $200 on the dark web. 

Head of National Security Intelligence at Chainanalysis Andrew Fierman told The Sun: “All you need are a few photos and a very small clip of voice of the person you’re attempting to be and you can effectively be that person”

Photo of an Estonian passport's data page, showing security features and holder's information.
A fake passport belonging to a North Korean worker posing as an EstonianCredit: DTEX Systems
Polish identity card.
An identity card belonging to a North Korean worker posing as a PoleCredit: DTEX systems

After being recruited the North Korean workers use their stolen credentials to breeze through the onboarding process.

And they often ask their employers to send their work laptops to front addresses – run by “local facilitators” – which allows them to remain undetected.

Once fully onboarded the fraudsters work hard to establish themselves within the company, gaining its trust before they pounce.

Companies often allow high-performing workers to refer future employees – allowing them to slowly amass an army of cyber warriors.

They then set about hatching plans to “exploit and steal funds from the organisations”. 

Fierman explained that there are a number of cunning tactics that the North Korean workers use.

Fierman said: “It’s all about getting someone within an organisation to give you an access point unknowingly.”

He added: “For example, if it’s bonus season and North Korea knows it’s bonus season at your organisation, they might send out an email saying here’s the details of your upcoming bonus.

“Somebody is going to get excited and click the link and then they’ve given North Korea access to the entire infrastructure of their organisation.”

These sly tactics allow the North Korean workers to access sensitive information as well as money.

They reportedly use this information as a bargaining chip if needed – dishing out threats of sharing it with competitors.

UK sanctions on North Korea

DPRK targets are on OFSI’s  consolidated list of financial sanctions and are subject to an asset freeze.

This regime also includes sectoral financial sanctions, which contain both restrictions and requirements. These include those placed on:

  • The sale or purchase of bonds
  • DPRK credit and financial institutions including branches, subsidiaries and representative offices)
  • UK credit and financial institutions from dealing with DPRK credit and financial institutions (including branches, subsidiaries and representative offices)
  • Representative offices belonging to designated persons
  • Business arrangements with designated persons
  • Financial support for trade
  • Investment and commercial activities
  • Bank accounts for DPRK diplomats and diplomatic missions
  • Leasing or, otherwise making available, real property

Source: HM Treasury’s Office of Financial Sanctions Implementations (OFSI)

KIM’S CASH-STARVED REGIME

North Korea has been hit by many sanctions over the years forcing Kim Jong-un to think outside the box.

The tyrant has long relied on cyber activity to fund his cash-starved regime and the fake IT worker scams are the latest in a string of shady tactics.

Fierman told The Sun: “None of these North Korean workers are operating of their own will or fruition, they’re doing it on behalf of the North Korean government.”

And it’s thought that the money is going straight into the country’s weapons programmes.

A UN investigation in 2022 confirmed these suspicions and said that cyber attacks were an “important revenue source” for Pyongyang’s nuclear and ballistic missile programme

The recent worker scams come after a shocking crypto heist saw North Korea’s Lazarus Group accused of stealing $1.2billion back in February.

Hackers were able to gain control of an Ethereum wallet and rip all of its contents, in what has been dubbed the largest heist in crypto’s history.

Share this @internewscast.com
You May Also Like
Alan Dershowitz Drops Bombshells, Says There Is in Fact an Epstein Client List—and He Knows Who's on It

Alan Dershowitz Reveals Shocking News: Confirms the Existence of an Epstein Client List and Claims to Know Who’s Included

Many observers were left dissatisfied with the conclusions, as the department had…
Military amphibious vehicles in the water.

Observe as a Massive Fleet of New Chinese ‘Tank Boats’ Takes to the Water Amid Taiwan’s Largest War Drills Yet

DRAMATIC footage captures a fleet of Chinese tank boats charging through the…
Armed men in black tactical gear aboard a ship.

Houthis Stage a Fearsome Comeback in the Red Sea, Contradicting Trump’s Claim They ‘Don’t Want to Fight’

THE Houthis have mounted a terrifying return to scourge the Red Sea…
Woman in hospital bed recovering from dog attack.

Woman, 55, Attacked by Dogs While Delivering Uber Eats Order – Dogs Grabbed Her Head

A GRAN was left seriously injured after being mauled by two dogs…
Here's What We've Learned About Those Multiple Suspended Secret Service Agents

Lessons from the Multiple Suspensions of Secret Service Agents

Susan Crabtree, a National Political Correspondent for RealClearPolitics, mentioned on X that…
Texas officials are trying to figure out who's really missing from the floods

Texas Authorities Seek to Identify True Missing Persons Amid Floods

This week in Texas, estimates indicate that 161 people are still missing…
Trump wants mass deportations, but US views of immigration are more positive since he took office

Trump Advocates for Mass Deportations, Yet American Opinions on Immigration Have Grown More Favorable Since His Presidency

WASHINGTON (AP) — Mere months after President Donald Trump’s return to office…
Flood recovery in San Marco faster with new pump station

Rapid Flood Recovery in San Marco Boosted by New Pump Station

A city spokesperson says many streets flooded in Wednesday’s deluge drained in…
Randy Couture, UFC Hall of Famer, hospitalized after racing crash

UFC Legend Randy Couture Hospitalized Following Racing Accident

The 62-year-old UFC Hall of Famer has been working to make his…
Son of ‘El Chapo’ expected to plead guilty in drug trafficking case in rescheduled hearing

‘El Chapo’s Son Likely to Admit Guilt in Drug Trafficking Case at Rescheduled Court Hearing’

CHICAGO (AP) — Ovidio Guzman Lopez, one of the sons of infamous…
Is the US seeing worse flooding this summer? Here's what's happening

Has Flooding Intensified in the US This Summer? Here’s an Overview of the Situation

Flash flooding has become a significant concern recently, with Texas, North Carolina,…
Trial date set for Austin Metcalf’s suspected killer in track meet stabbing

Court Date Scheduled for Austin Metcalf’s Alleged Track Meet Attacker

The 18-year-old suspect accused of killing high school track star Austin Metcalf…