OFSI_Advisory_on_North_Korean_IT_Workers.pdf (282 KB)

The UK OFSI advisory says UK firms are almost certainly being targeted by DPRK IT workers posing as freelance third-country technology workers to generate revenue for the North Korean regime. The workers are assessed as using online freelance platforms, false identities, aliases, proxies, VPNs, VPS infrastructure, remote desktop tools, and witting or unwitting enablers to hide their nationality and location. The advisory highlights red flags including inconsistent biographical details, refusal to appear on camera, account access from multiple IP addresses, shared account templates, identity-renting arrangements, and alternative payment channels such as EMIs, MSBs, and cryptoasset exchanges. OFSI warns that these workers may gain privileged access to sensitive company information and that payments to them can create sanctions, money-laundering, and proliferation-financing exposure because the revenue supports DPRK military and WMD-related programs.