FBI PSA – Additional Guidance on the Democratic People’s Republic of Korea Information Technology Workers

The FBI’s Internet Crime Complaint Center (IC3) is issuing an updated Public Service Announcement (PSA) to help organizations better understand and guard against the inadvertent recruitment, hiring, and facilitation of Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) information technology (IT) workers.

In 2022, the U.S. and the Republic of Korea (ROK, a.k.a. South Korea) issued public advisories to provide detailed information on how DPRK IT workers operate, and identified red flag indicators and due diligence measures to help companies avoid hiring DPRK freelance developers and to help freelance and digital payment platforms identify DPRK IT workers abusing their services. This update identifies new tradecraft used by DPRK IT workers since the release of the 2022 advisories, including new indicators of potential DPRK IT worker activity and additional due diligence measures the international community, private sector, and public can take to prevent the hiring of DPRK IT workers. The hiring or supporting of DPRK IT workers continues to pose many risks, ranging from theft of intellectual property, data, and funds, to reputational harm and legal consequences, including sanctions under U.S., ROK, and United Nations (UN) authorities. The PSA lists several methods organizations can take to help defend against this activity. To report an incident or file a complaint, visit the FBI’s Internet Crime Complaint Center. Read the full PSA here.