North Korean IT workers have been using shell companies established across China to secure employment at Western firms, including some of the largest corporations in the United States, according to a May 13 report by U.S.-based outlet Axios.
In its newly released report, cybersecurity firm Strider Technologies identified 35 China-based firms tied to North Korean IT operations. These entities are believed to be linked to Liaoning China Trade Industry, a company already sanctioned by the United States for providing laptops, graphics cards, and networking equipment to Bureau 53 of North Korea’s Ministry of People’s Armed Forces.
The report also named several Chinese firms that allegedly provided funding to these operations, including Dandong Deyun Trade (registered as a textile and electronics wholesaler), Guangzhou Aiyishi Trade (cosmetics and clothing), and Yongping Zhuoren Mining (minerals and construction materials).
North Korea has long used covert IT employment schemes to finance its weapons programs, including ballistic missile development. Axios reported that even Fortune 500 companies have struggled with such infiltration but have largely stayed silent to avoid reputational damage.
At last month’s RSA Conference, Google revealed that it had received job applications from North Korean operatives. Cybersecurity companies SentinelOne and KnowBe4 also acknowledged having unintentionally hired North Korean IT workers.
Greg Levesque, CEO of Strider Technologies, said that North Korean operatives have shifted their focus from simple revenue generation to targeting intellectual property and proprietary data.
Levesque acknowledged that the scale and complexity of the operation are significantly greater than initially believed. He emphasized that developing advanced detection tools, specifically those capable of automatically identifying falsified or misleading job applications, will be essential in effectively addressing the issue.