Is Your Crypto Dev North Korean? The Shocking Truth About DPRK IT Workers
Published: 2025-06-03
Status:
Available
|
Analyzed
Published: 2025-06-03
Status:
Available
|
Analyzed
Predictions from this Video
Incorrect: 0
Prediction
Topic
Status
DPRK IT workers emerged as a significant cyber threat category in 2024, joining traditional threats like exploits, malware, and ransomware.
"in 2024 the top trends this year see the usual suspects like exploits malware and ransomware joined by a fresh new category DPRK IT workers."
Pending
In 2024, DPRK IT workers were identified as the most common cyber threat group in the Americas.
"DPRK IT workers were the single most frequently observed cyber threat group in the Americas last year."
Pending
A significant percentage of Fortune 500 companies have unknowingly hired North Korean IT workers, with many hiring multiple individuals.
""I've talked to a lot of CISOs at Fortune 500 companies and nearly everyone that I've spoken to about the North Korean IT worker problem has admitted they've hired at least one North Korean IT worker if not a dozen or a few dozen.""
Pending
Mandiant estimates that thousands of North Korean IT workers have been hired by Western companies.
"Mandian estimates them to number in the thousands"
Pending
A single North Korean IT worker was found to be using at least 12 fake identities to secure employment in the US and Europe.
"one suspected DPRK IT worker identified by Mandant last year was using at least 12 personas to seek employment in the US and Europe"
Pending
SentinelOne received approximately 1,000 job applications from North Korean IT workers in 2023.
"Sentinel 1 revealed that it had received around 1,000 job applications from DPRK IT workers in 2023"
Pending
North Korean IT workers have been successfully employed across various US industries, including finance, telecom, media, entertainment, retail, and tech.
"DPRK IT workers have been hired in America's financial services telecommunications media and entertainment retail and tech industries"
Pending
Notable employers of North Korean IT workers include major media networks, tech companies, defense contractors, auto manufacturers, and luxury retailers.
"their employers have included a top five major television network a Silicon Valley technology company an aerospace and defense company an American car manufacturer a luxury retail store and a US Hallmark media and entertainment company"
Pending
Some companies have hired as many as ten North Korean IT workers.
"some companies hiring up to 10 of them"
Pending
A laptop farm, allegedly run by a facilitator, impacted over 300 US companies and utilized approximately 70 stolen identities.
"a US grand jury indictment against a suspected facilitator estimated that their laptop farm affected more than 300 US companies using around 70 stolen identities"
Pending
The facilitator's scheme generated an estimated $17 million for both the facilitator and North Korea.
"the scheme reportedly made around $17 million for Chapman and the DPRK"
Pending
Law enforcement agencies were the primary source of notification for organizations affected by North Korean IT worker activity investigated in 2024.
"Many of the suspected DPRK IT worker cases Mandant investigated in 2024 stemmed from notifications provided to impacted organizations by law enforcement organizations"
Pending
North Korean IT workers, due to their elevated system access, are well-positioned to engage in corporate espionage, intelligence gathering, and intellectual property theft, although this is not their primary activity.
"remote workers often gain elevated access to modify code and administer network systems and this makes them very well positioned to perform a variety of malicious activities including corporate espionage intelligence gathering and intellectual property theft"
Pending
To date, North Korean IT workers have largely adhered to their job responsibilities in investigated cases.
"In incident response engagements to date North Korean IT workers have primarily functioned within the scope of their job responsibilities"
Pending
The targeting strategy of North Korean IT workers appears to be opportunistic rather than driven by specific objectives.
"the organizations DPRKIT workers target appear to align more with opportunistic targeting than with a given targeting objective"
Pending
The primary strategy of North Korean IT workers is to perform their jobs diligently and collect their paychecks.
"the strategy appears to be doing a hard day's work and collecting a monthly paycheck like everyone else"
Pending
North Korea's international trade remains significantly lower than its 2016 levels.
"the DPRK's international trade is still a fraction of 2016 levels"
Pending
North Korean IT workers are expected to earn at least $100,000 annually, with 30-40% of their earnings being sent back to Pyongyang.
"The defector and former IT worker told Reuters that all IT workers are expected to earn at least $100,000 annually of which 30 to 40% is repatriated to Pyongyang"
Pending
One source estimates the net annual income generated by North Korean IT workers for the DPRK to be approximately $220 million.
"we can roughly estimate a net annual income of about $220 million based on this source's information"
Pending
The US government estimates the annual revenue generated by North Korean IT workers to be between $250 million and $600 million.
"the US government's estimate of $250 million to $600 million per year"
Pending
North Korean-run restaurants in foreign countries generate an estimated $700 million in revenue, surpassing the IT worker program.
"the same UN report pegs the amount of revenue generated by DPRK run restaurants in foreign countries at $700 million"
Pending
The Lazarus Group is alleged to be responsible for the Bybit hack in February, which resulted in the theft of nearly $1.5 billion in cryptocurrency.
"the Adventures of the Lazarus Group they were allegedly behind February's blockbuster buybit hack which rad in almost $1.5 billion worth of crypto in a matter of hours"
Pending
In 2024, Mandiant observed two instances of malicious activity by North Korean IT workers, both occurring after their exposure.
"Mandant observed two cases of malicious activity both of which took place after a DPRK IT worker was exposed"
Pending
The North Korean IT worker program is expanding its operations into Europe.
"the IT worker program has been increasing its presence in Europe"
Pending
North Korean IT workers are actively developing projects on Solana, Cosmos, and other blockchain platforms, including AI web applications.
"DPRK IT workers have been building projects on Salana Cosmos and an unspecified blockchain AI web app"
Pending
Having a developer who is North Korean is considered a compliance risk.
"if your dev is a North Korean no offense it's just a compliance thing"
Pending