Link Search Menu Expand Document
Publications
  1. ANNEX

ANNEX

United Nations Panel of Experts Reporting on DPRK IT Workers

The UN Security Council 1718 Sanctions Committee on the DPRK is supported by a Panel of Experts (the Panel) who gather, examine, and analyze information from UN Member States, relevant UN bodies, and other parties on the implementation of the measures outlined in the UN Security Council Resolutions addressing the DPRK. The Panel also makes recommendations on how to improve sanctions implementation by providing both a midterm and a final report to the 1718 Committee. These reports can be found at: https://www.un.org/securitycouncil/sanctions/1718/panel_experts/reports

The Panel has investigated multiple cases of DPRK IT workers, such as those subordinate to the UNdesignated Munitions Industry Department (MID), and presented information on these investigations in the Panel’s semi-annual reports, including the following:

The Panel first reported on DPRK IT workers in its 2019 Midterm Report, noting that the MID, which had been designated for its supervisory role in the development of the DPRK’s nuclear and ballistic missile programs, was using its subordinate trading corporations to station abroad DPRK information technology workers, such as software programmers and developers, in order to earn foreign currency. At the time, DPRK IT workers located in Europe, Asia, Africa, and the Middle East utilized foreign websites to obtain freelance work while disguising their identities. Alongside nonmalicious information technology work, DPRK IT workers conducted illicit work involving the theft of assets such as virtual currencies in support of DPRK cyber actors in the evasion of financial sanctions.

The Panel continued its investigation into DPRK IT workers in its 2020 Final Report, finding that most overseas DPRK IT workers are employed by companies subordinate to MID. By 2019, the MID was suspected of having dispatched at least 1,000 IT workers overseas for the purpose of revenue generation, often using subordinate entities or front companies. However, due to their obfuscation techniques, the true number of IT workers abroad and in the DPRK was unclear. The Panel noted that DPRK IT workers use several methods to obtain freelance IT work without revealing their identity, including by setting up accounts on freelance developer platforms with unwitting clients around the world, especially in China, Russia, Ukraine, Serbia, Canada, and the United States. The Panel further investigated several specific cases of DPRK IT worker teams and associated companies in China, Nepal, and Vietnam. The Panel investigated a number of DPRK IT worker teams in China and Russia, detailing their investigations in its 2020 Midterm Report. The Panel noted that hundreds of DPRK IT workers subordinate to MID were operating in China in 2019 and 2020, illicitly gaining access to freelance platform accounts in the names of third-country individuals. The Panel further noted that multiple groups of DPRK MID-subordinate IT workers were operating in Russia in 2019 and 2020, utilizing false, foreign identities to access information technology freelance platforms, virtual currency websites, and payment websites.

According to the Panel’s 2021 Final Report, DPRK IT workers can evade employers’ due diligence efforts and KYC/AML protocols by employing similar obfuscation methods as those utilized by the DPRK to access the international financial system, including providing false identification, use of VPN services, and establishing front companies. The Panel further noted that most accounts linked to the DPRK operate from locations in China. To avoid scrutiny, these accounts will go “off-site” after establishing contact with potential customers seeking to hire IT services. DPRK-linked users also target IT freelance platforms with lower levels of security or less rigorous due diligence procedures. The Panel specifically highlighted the dangers facing IT freelance platforms in performing compliance obligations and unintentionally facilitating DPRK access to international payment systems, recommending that UN Member States work with freelance IT companies to promote and enhance sanctions compliance implementation capacity and capability.

– UNCLASSIFIED –

Table of Contents