Infiltration of North Korean software engineers into American technology companies

According to Isna, the Wall Street Journal in a report investigated North Korea’s covert cyber operations to finance government programs of this country and claimed that these operations are carried out through remote employment schemes in the field of information technology and targeting foreign companies.

The American newspaper notes in this report that these operations involve North Korean-trained software engineers working undercover at foreign companies using fake or stolen identities.

This report focuses on the narrative of “Anton Koh”; A person identified as a former citizen of North Korea who previously worked as a software developer under the supervision of the country’s government. According to the report, Anton was listed on the internal staff list of a California-based company as a telecommuter with a professional profile and an email address associated with the United States, but was actually living in a government-run dormitory in China and operating as part of an organized program directed by North Korean officials.

According to this media, Anton was one of many elite cyber operatives who were identified, trained and sent abroad by the North Korean government. Their mission has been to earn foreign currency by obtaining remote IT jobs, particularly from American companies, using fake identities. According to the report, Anton contacted dozens of Americans every day, introducing himself as a software engineer and offering cooperation.

The report also notes that Anton’s account offers a rare glimpse into North Korea’s cyber workforce. This newspaper cited the estimates of Google’s “Mandiant” division, according to which North Korean cyber operatives have managed to infiltrate hundreds of large companies on the “Fortune 500” list. It is also stated in this report that more than 40 countries have been the target or place of activity of North Korea’s cyber employment network; The issue is based on the findings of a US-led consortium documenting sanctions violations.

These cyber activities have generated up to 800 million dollars in revenue for North Korea in 2024. The newspaper stated that American companies were the top targets due to their higher salary level and informational value. The report also notes that North Korean agents often enlisted the help of people in the United States who kept computers at their locations. This method allowed North Korean agents to remotely access these systems while appearing to operate inside the United States.

The report also stated that the American authorities have prosecuted some of the people involved in facilitating these operations. According to the report, four American citizens have pleaded guilty to helping North Korean IT workers get jobs at more than 136 American companies. This newspaper introduced these workers as one of the important sources of income for North Korea and reported that the government of this country confiscates up to 90% of their income.

The report cited Nam Bada, head of a human rights organization based in Seoul. He has interviewed former North Korean citizens, including Anton, and said that even a small number of these IT workers could generate enough income to finance the missile program.

The report also emphasizes that Anton’s account has been confirmed by South Korean authorities and is consistent with the findings of UN reports and cybersecurity researchers. Only a small number of North Korean cyber operatives have ever defected from the country or made their experiences public, the report said.

Anton was identified as a talented student from an early age and was placed on the specialized path of software development. The report explains that he studied at elite educational institutions and was then sent to work abroad. After arriving in China, he worked up to 16 hours a day and lived in a shared dormitory with other North Korean workers.

This newspaper has also described the harsh working conditions and supervision. The report states that workers’ incomes were closely monitored and they only received a small portion of their earnings. Anton said that workers were under intense pressure to meet financial targets and felt humiliated if these targets were not met.

This report also mentions the operational methods of these factors. According to the report, Anton would hire some Western developers to apply for jobs under his identity, while he did the technical work and they would receive a share of the revenue. Some people also provided copies of their identification documents, which were later used to obtain more jobs.

The Wall Street Journal emphasizes that the expansion of remote work during the Covid-19 pandemic created new opportunities for these workers, and the increase in remote employment made it easier for these agents to obtain jobs. Also, technological tools such as artificial intelligence and image changing software helped them to hide their identity.

According to this report, after gaining access to foreign information, Anton gradually became suspicious of the North Korean government. He read reports that differed from the narratives of the country’s state media, which led him to question the official narratives.

In the end, the report mentioned Anton’s life after the separation from North Korea and announced that he is now working in the field of information technology in South Korea and has an independent life. He said that while he was under strict control, he also played a role in the implementation of this cyber operation.

end of message