NK_it.pdf (117 KB)

Japanese authorities warn that North Korean IT workers are suspected of impersonating Japanese nationals to obtain work through online contracting platforms used by Japanese companies. The advisory says these workers often falsify identity documents, use local proxies or mismatched payment accounts, operate from countries such as China, Russia, and Southeast Asia, and rely on VPN or remote desktop access. Platform indicators include repeated use of the same identity document, multiple accounts from the same IP address, rapid access from multiple IPs, unusually long login or work hours, unnatural Japanese, low-price offers, and proposals to move work off-platform. The notice also links payments for such work to sanctions and domestic legal risks because revenue may support North Korea’s nuclear and missile programs, and it notes possible involvement by these workers in information theft and other malicious cyber activity.