Here's How North Korea Was Able To Establish A Hacker Workforce And Steal $3 Billion

North Korea is employing thousands of overseas information technology (IT) workers for its alleged cybercrime operations, according to a report.

The Wall Street Journal reported, citing U.S. officials, that North Korean IT workers based in other countries, such as Russia and China, have pretended to be Canadian IT workers, government officials, freelance Japanese blockchain developers or potential employers to victimize Western companies.

The report revealed that North Korean cyber actors would hire Western "front people," or individuals who sit through job interviews in the place of the North Koreans who are actually being hired.

Once hired, North Korean workers would sometimes make small changes to products that allow them to be hacked, former victims and investigators told the outlet.

An example of how North Korea operates its notorious IT workforce is when it accessed the computer of an engineer working for the blockchain gaming company Sky Mavis.

According to WSJ, a recruiter had reached out to a Sky Mavis engineer through LinkedIn. After the two spoke over the phone, the recruiter gave the engineer a document to review during the interview.

However, the recruiter was part of North Korea's cybercrime operation, and the document was embedded with a malicious computer code that gave the hackers access to the engineer's computer, the report claimed.

It allowed North Korean hackers to allegedly break into Sky Mavis and steal over $600 million, mostly from players of the company's digital pets game, "Axie Infinity."

The Sky Mavis heist was North Korea's biggest haul in five years. Overall, the country has allegedly stolen more than $3 billion through its cybercrime activities, according to Chainalysis, a blockchain analytics firm.

Aleksander Larsen, Sky Mavis' chief operating officer, said the funds stolen by North Korea "would look like an existential threat to what you are building."

The White House was also concerned about the hacking incident. Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said, "That has driven us to intensely focus on countering this activity."

In 2022, the Cybersecurity and Infrastructure Security Agency (CISA) revealed North Korean hackers used ransomware to target hospitals. The cyberattack involved hackers locking up a victim company's files and demanding payment for their release.

"It seems like a modern-day pirate state," Nick Carlsen, a former FBI analyst who now works for the blockchain tracing firm TRM Labs, said.

"They're just out there raiding," he added.

U.S. officials said revenues from North Korea's cybercrime operations are being used to fund about 50% of the secluded country's ballistic missile program.

In 2019, the U.S. State Department estimated that North Korea spent $4 billion, or 26% of its economy, on defense.