Canada’s national police force is warning businesses that North Korean agents may be posing as remote IT workers — using freelance platforms to infiltrate companies, steal data, and help fund the regime’s weapons programs.The Mounties posted an X link to their official advisory Wednesday, which was retweeted by CSIS Thursday morning. The advisory is further backed by Public Safety Canada, Global Affairs Canada, FINTRAC, and the Canadian Centre for Cyber Security.Canada, in response to North Korea’s “aggressive actions and illicit weapons programs,” has imposed sanctions under the United Nations Act and the Special Economic Measures Act. Any Canadians found to breach regulations under these Acts are subject to serious consequences..RCMP official defends comments linking ‘traditional values’ to ‘extremist’ values.In a warning message to “alert Canadians and Canadian businesses of the risks posed by IT workers deployed by the North Korean government,” the RCMP listed numerous threats, including legal consequences under Canadian sanctions, data vulnerability and theft, corporate espionage, and even being guilty of “indirectly contributing to North Korea’s weapons of mass destruction and ballistic missile programs, which are prohibited by the United Nations (UN) Security Council.”“State-affiliated IT workers from North Korea seeking employment are known to pose as legitimate freelancers based in other nations offering IT development services to a wide range of sectors,” wrote the RCMP.The most targeted sectors include:Mobile/web application development (including in gaming and online gambling)General IT supportGraphic animationDatabase and online platform developmentHardware and firmware development.CSIS warned Ottawa that Beijing had big plans for Canada as far back as 2014 .“North Korean IT workers seek to gradually access and establish networks in key sectors, gain transferable skills and facilitate future malicious cyber activities,” said the RCMP.“North Korean IT workers are usually competent, highly qualified, and skilled in the services they provide.”To hide their identity, North Korean operatives use the following strategies:Virtual private networks (VPNs) and virtual private servers (VPSs) to encrypt trafficVoice Over Internet Protocol (VOIP) and encrypted messaging applicationsAI-enabled deepfake technologies to disguise appearancesPaying nationals of other countries (proxies) to use their personal information or accounts on employment platformsUnder the sanctions, “it is prohibited for any Canadian, including Canadian businesses abroad or persons in Canada, to conduct activities specified in the regulations under these Acts.”.EXCLUSIVE: CSIS hiring for diversity within ‘all levels’ of agency.The RCMP says Canadian businesses must report transactions suspected to be related to the commission of a money laundering, terrorist financing or sanctions evasion offence to FINTRAC.“Contravening sanctions is a criminal offence, subject to fines and/or imprisonment. Under the United Nations Act, the maximum penalty on summary conviction is a $100,000 fine or a 1-year prison term, or both,” warned the RCMP.“Convictions on indictment may result in a maximum 10-year prison term.”“Under the Special Economic Measures Act, the maximum penalty on summary conviction is a $25,000 fine or a 1-year prison term, or both. Conviction on indictment may result in a maximum five-year prison term.”The RCMP and the Canada Border Services Agency will be monitoring possible contraventions of these Acts and enforcing compliance..HOLY CRAP: North Korea accused of bombarding South with balloon loads of excrement.Through privileged access to companies’ networks and critical infrastructure, North Korean IT workers may embed passive malware and backdoors in code to collect information, monitor traffic, or enable future exploitation — putting companies at risk of corporate espionage and data theft.Small businesses and start-ups are especially attractive targets, as they often lack the resources to thoroughly vet job applicants and are more likely to hire cheap, qualified freelance labour.The RCMP encourages companies to report suspicious individuals, accounts, transactions, or cyber incidents to the Government of Canada via contacts listed under “Resources.”Red flags of potential North Korean IT workers include:Frequent money transfers through online payment platformsRequests for payment in cryptocurrencyMultiple logins into a single account from IP addresses in various countriesInconsistencies in personal information (e.g. name, language, nationality, education, location, work history)Hesitation or failure to provide identification or documentationRefusal or inability to join voice or video callsUse of AI-enabled deepfakes during meetingsBids or fees well below market averageWillingness to begin work without a contract or payment terms.Trudeau met with notorious Chinese kingpin under RCMP surveillance.Recommended due diligence measures include:Avoid cryptocurrency payments or money transfers to various bank accounts for a single individualScrutinize documentation for inconsistencies or signs of forgeryConduct interviews via video and use diverse communication methodsDuring remote meetings, look for clues that deepfake technology may be in useVerify credentials through direct contact with listed schools and previous employersNorth Korea has long prioritized science and technology as part of its national strategy. In 2019, it reformed its education system to further cultivate sci-tech talent, noted the Mounties.Since its first nuclear test in 2006, North Korea has faced escalating United Nations sanctions. Canada imposed additional sanctions under the Special Economic Measures Act in 2011 to condemn Pyongyang’s growing aggression.Despite international restrictions, North Korea has used increasingly sophisticated tactics to dodge sanctions and fund its weapons programs — often through payments to IT workers abroad. The RCM says according to security firms, North Korea may be behind billions of dollars in cryptocurrency theft since 2021, targeting crypto service providers and infrastructure.
