North Korean IT workers working for Pyongyang collectively made between $600 million and $1 billion in the past year through both cybercrime and foreign employment contracts, according to the U.S. State Department.
“The DPRK uses stolen funds from its cyber program to advance its unlawful [weapons of massive destruction] and ballistic missile programs,” a department spokesperson told Voice of America on Monday, referring to the North by the acronym for its official name, Democratic People’s Republic of Korea.
“According to the UN Panel of Experts and multiple industry reports, the DPRK stole anywhere from $1 billion to $2.3 billion between 2017 and 2022 and between $600 million and $1 billion in 2022 alone,” the spokesperson added.
The spokesperson said that Washington has informed allies of Pyongyang’s cyber activities through monitoring conducted under section 702 of the Foreign Intelligence Surveillance Act (FISA), which empowers the U.S. government to conduct targeted surveillance of foreign persons located outside the United States.
The act mandates cooperation from electronic communication service providers in the U.S. government’s collection of foreign intelligence information.
“[Section] 702 reporting allowed the State Department and other agencies to notify partners and allies about illicit North Korean cyber activities,” the spokesperson said, noting that intelligence gathered through FISA last year “was vital in warning the international community, the private sector and the public about efforts by the DPRK to deploy information technology workers to fraudulently gain employment and generate revenue for its nuclear program.”
The spokesperson said that IT workers from the North “take advantage of the demand for specific IT skills to obtain freelance employment contracts from clients around the world, including in North America, Europe and East Asia,” and that employing such workers carries the risk of giving them “privileged access gained through these positions to enable malicious cyber operations.”
The U.S. government first issued an advisory in May last year saying the use of freelance IT staff by the North was a way for it to bypass U.S. and UN sanctions and earn foreign exchange for its nuclear weapons and ballistic missile programs.
The advisory added that such workers pretended to be from South Korea, Japan, or other Asian countries.
It also warned companies and potential IT employers about suspicious signs from such freelancers, including a refusal to participate in video calls and requests to receive payments in virtual currency.
Most of the money they earn is confiscated by the North Korean government, the U.S. said.
Companies who hired and paid such workers would be exposing themselves to legal consequences for sanction violations, the U.S. warned.
Trade between the North and China also suggest the regime has stepped up alternative exports to earn foreign currency amid sanctions targeting its agricultural and natural resource exports.
According to Chinese customs data from April, the North exported 30 tons of wigs and artificial eyelashes to Henan Province amounting to $11.22 million — about half of the total $22.68 million worth of hair-related products that North Korea exported to China in the same period.
Henan in particular has risen as an export destination for the North Korean wigs, leapfrogging Liaoning and Jilin provinces, which neighbor the North.
Wig production in Henan outstrips Chinese domestic demand, and the largest share of the province’s wig exports, which total $6.2 billion, are shipped to the United States, raising concerns that U.S. importers could inadvertently purchase North Korean-sourced hairpieces.
While wigs are not sanctioned under United Nations Security Council resolutions against Pyongyang, South Korea and the United States prohibit the import and resale of all North Korean goods and products made using North Korean components without prior authorization.
In 2019, the U.S. Treasury Department fined a California company $1 million after fake eyelashes it imported from two Chinese companies between 2012 and 2017 were found to contain materials sourced from the North.
BY MICHAEL LEE [email@example.com]