North Korea’s IT operatives are recruiting freelancers through platforms like Upwork and Freelancer to provide proxy identities for remote jobs, bypassing barriers like fabricated IDs. Operatives redirect most of the pay to themselves through cryptocurrencies or bank accounts, while victims unknowingly hand over remote access to their computers.

Recruits are used to verify accounts, install remote-access software, and keep the device online while operatives apply for jobs and interact with clients. Some recruits are unaware, while others seem complicit. Recent arrests in the US reveal North Korean IT workers using stolen identities to appear as US-based employees.

North Korea targets vulnerable individuals globally, including low-income people and those with disabilities, to access high-value corporate jobs. The country has infiltrated the tech and crypto industries to fund missile and weapons programs. North Korean operatives use stolen identities to bid on projects and receive payments through traditional financial channels.

Despite increased awareness, platforms still struggle to detect North Korean operatives due to the use of real identities and local internet connections. Recruits are instructed to use family members to open new accounts when suspicious activity is detected. The model of using proxy identities makes accountability and attribution difficult.

The key red flag for individuals interacting with North Korean operatives is any request to install remote-access tools or allow someone to work from their verified account. Legitimate hiring processes do not require control of devices or identities. Detection of unusual behavior triggers red flags, but the person behind the keyboard remains hidden from freelancing platforms and clients.

Read more at Cointelegraph: Are You a Freelancer? North Korean Spies May Be Using You