The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission. Why trust us?

North Korean hackers use VPNs to trick US businesses into hiring remote workers

The FBI has warned that North Korean hackers have been posing as remote IT workers at US firms by using VPN services. 

FBI and Department of Justice (DOJ) officials have said thousands of IT workers have been using VPNs, along with other tactics, to contract with US companies. For years, workers have secretly sent millions of dollars back to North Korea, with funds reportedly going towards its ballistic missile programme. It’s unknown when the campaign began.

Federal authorities announced the seizure of around US$1.5 million and 17 website domains used by Democratic People’s Republic of Korea (DPRK) IT workers. The scheme was used to defraud both US and foreign businesses, evade sanctions and fund the development of the DPRK government’s weapons programme, said the Department of Justice – and the investigation is still ongoing. 

Though the exact timeline is uncertain, investigators believe that over the past five years or more, IT freelancers from North Korea have secured jobs with US firms by concealing their identity. One way hackers did this was through the use of a VPN service. A VPN is a digital tool that can conceal your online identity – it masks your real IP address and keeps your geo-location hidden. Using a VPN routes your internet or app traffic through a secure and encrypted tunnel, keeping your sensitive data safe and private. 

Hackers also used several other techniques to defraud employers and falsify identities. According to authorities, North Korean IT workers stole identity documents or used counterfeit documents to pass identity checks throughout the recruitment process. Other techniques included creating fake social media accounts to boost trust signals. 

FBI officials have sounded the alarm and warned companies to be extra vigilant when hiring new individuals. It said the scheme was so prevalent that during the hiring process, interviewees should at least be seen via video to verify their true identity. Background checks should be carried out, specifically checking that the same identity has not been used with multiple online profiles. 

The DOJ said in some cases, North Korean hackers infiltrated computer networks and stole information from companies that hired them and maintained information for future hacking schemes. 

How companies can protect themselves from similar attacks

While using a VPN can be an excellent tool for warding off cyber security threats, it can also be used by bad actors. When accessing company networks, it’s a good idea to have employees, especially remote workers, switch off their personal VPNs. Cyber security can affect both businesses and individuals, and the rise in remote workers has unfortunately made cybercrime more prevalent.


Rachel Sadler

Home Tech Writer

Rachel is a seasoned writer who has been producing online and print content for seven years. 

As a home tech expert for Independent Advisor, Rachel researches and writes buying guides and reviews, helping consumers navigate the realms of broadband and home security gadgets. She also covers home tech for The Federation of Master Builders, where she reviews and tests home security devices. 

She started as a news and lifestyle journalist in Hong Kong reporting on island-wide news stories, food and drink and the city’s events. She’s written for editorial platforms Sassy Hong Kong, Localiiz and Bay Media. While in Hong Kong she attended PR events, interviewed local talent and project-managed photoshoots. 

Rachel holds a BA in English Language and Creative Writing and is committed to simplifying tech jargon and producing unbiased reviews.