On May 16, 2022, the US Departments of State and Treasury and the Federal Bureau of Investigation (“FBI”) issued a joint advisory alert to the public about attempts by the Democratic People’s Republic of Korea (“DPRK” a.k.a. North Korea) and DPRK information technology (“IT”) workers posing as non-DPRK nationals to obtain employment outside of North Korea.  The Advisory provides guidance to help prevent inadvertent recruitment, hiring, and facilitation of North Korean IT workers, as the hiring or support of DPRK IT workers may create business risks that range from theft of data, intellectual property, and funds, to sanctions-related risks under both US and United Nations (“UN”) authorities.

The advisory guide provides information on how DPRK IT workers operate and notes red flag indicators and due diligence measures to help companies avoid hiring DPRK IT workers and to help platforms identify DPRK IT workers abusing their services. Below we summarize key read flag indicators and risk mitigation recommendations highlighted in the Advisory fact sheet.

Red Flag Indicators of Potential DPRK IT Worker Activity Include:

  • Logins from multiple IP addresses (often from different countries) into one account within a short period of time;
  • Frequent transfers of money through payment platforms, often to People’s Republic of China (PRC) based bank accounts or requests for payments in cryptocurrency;
  • Inconsistency in information such as in name spelling, nationality, alleged work location, contact information, educational history, work history, and other details on freelance platforms, social media profiles, payment platforms, and external portfolio websites; and
  • An inability to conduct business during regular business hours and an inability to reach the worker in a timely manner, particularly through instant communication methods.

Due Diligence Measures the Private Sector Can Take to Prevent the Inadvertent Hiring of DPRK IT Workers:

  • Verify documents submitted to you as part of job applications directly with the listed company or educational institution in order to check for a different use of contact information from what was provided on submitted documentation;
  • Carefully scrutinize identity verification documents for forgery;
  • Conduct a video interview to verify a potential worker’s identity;
  • Conduct a pre-employment background check and or biometric (fingerprint) log to verify identity and claimed location;
  • Avoid payments in cryptocurrency and require banking information verification that corresponds to identifying documents;
  • Check the name spelling, nationality, claimed location, contact information, educational history, work history, and other details are consistent across the developer’s freelance platform profiles, social media, platform payment accounts, and assessed location of hours of work; and
  • Be suspicious if a developer is unable to receive items at the address on their identifying documents.

The authors acknowledge the assistance of Vanessa Keverenge in the preparation of this blog post.


Ms. Contini focuses her practice on export controls, trade sanctions, and anti-boycott laws. This includes advising US and multinational companies on trade compliance programs, risk assessments, licensing, review of proposed transactions and enforcement matters. Ms. Contini works regularly with companies across a wide range of industries, including the pharmaceutical/medical device, oil and gas, and nuclear sectors.


Ms. Test advices clients on issues relating to licensing, regulatory interpretations, enforcement actions, internal investigations and compliance audits, as well as the design, implementation and administration of compliance programs. She also advises clients on the extra-territorial application of trade compliance-related regulations in cross-border transactions.