North Korea has been infiltrating teleworkors with false identities in United States companies. After that country became more hostile, the actor’s attention turned to Europe. According to the FBI, the Department of Justice and Googlewhat these employees pursue is to get income to finance the North Korea Nuclear Program. He modus operandi It was a great unknown. Until now.
A framework without any improvisation. A cybersecurity researcher who responds to the name of Sttyk It was made with a database that has shown the environment Wired. The files include, according to Sttyk, “dozens of data gigabytes” and “thousands of emails.” From this information an organized workers’ structure is extracted in twelve groups, which in turn have approximately other twelve members. They respond to a general “master boss.”
Organization in spreadsheets. The group works using the Slack communication tool, Google, Github and spreadsheets accounts. In the latter, an exhaustive follow -up of the works and the progress of the objectives, both economic and strategic, is made.
They even collect the needs of specific jobs (required programming languages) of the companies to attack and their locations, with a record of whether there have been contact with the companies or progress of the process.
How they get work. A few days ago, the BBC collected Jin-Su’s testimonya false North Korean teleworking that managed to defect. He said that most of the time of his work focused on acquiring fraudulent identities to request work. He went through Chinese, but aware that he needed Western identities, more attractive to the labor market, he got identities of people from Hungary, Türkiye or the United Kingdom.
From there, the most involved workers in the process of getting work are the ones who most dominate English, although the fact that communications with technology companies are done by platforms such as Slack helps a lot. Also that many interviews are not made face to face, although that can be reversed with the proliferation of interviews made with artificial intelligence. Researchers have found identical curriculum among the suspects of being false workers.
What jobs do they point to. We knew that false teleworkors were looking for employment in technology companies. The filtration is confirmed and limited to the areas: artificial intelligence, blockchain, Bots development, web development and mobile apps and desktop, CMS development, etc.
The question of income. Jin-Su said that several works between the United States and Europe, earned about $ 5,000 per month. From what I entered, I had to pay 85% to North Korea, and even so, he said “it is much better than when we were in North Korea.” According to a United Nations report in March 2024, workers manage to generate between 250 and 600 million euros per year for their country of origin.
The money they retain has a lot of value when they return to their country (many work from Russia or China, where they have more freedom), so the reasons for dropout lose weight.
In parallel to this group of teleworkors operate the hackers that They steal cryptocurrencies To pass at the hands of the regime. Only in a blow in March this year they got 1,500 million, but in December 2024 they accumulated Other 1.3 billion in 47 blows.
Working conditions that scare. The filtration presents a scenario that, although better than the one in North Korea, is nothing flattering for the workers involved in the plot. According to a Slack recording, the boss’s account stated in a message that “everyone should work more than at least 14 hours a day.” Although it sounds a lot, it does not perform from the model of some Silicon Valley companies or of the Elon Musk vision and its 120 hours per week.
GIPHY App Key not set. Please check settings