Researcher exposes North Korean IT unit making $1M a month
An independent researcher ZachXBT found profiles, invoices and payment records linking a North Korean-managed team to about $1 million per month from online freelance IT contracts.
ZachXBT uncovered a coordinated North Korean-managed operation that earned about $1 million a month by offering IT services on freelance marketplaces and private channels. The researcher provided profiles, client records and payment evidence to investigators and independent analysts.
The operation placed bids on development and support work, completed projects for overseas clients and collected payments. Recovered materials include client invoices, internal logs and scheduling documents that the researcher presented as linking the contracts to a single organized unit rather than unaffiliated freelancers.
Reported services included software development, website and server maintenance and data processing. The materials indicate the contracts were frequent and recurring and produced a predictable revenue stream over a sustained period.
To conceal ties to North Korea, profiles listed foreign locations and project managers used intermediaries to communicate with clients. Payments were routed through third-party accounts and converted through overseas networks, the researcher reported, which complicated tracing for platform operators and investigators.
The researcher documented and preserved the material before sharing it with analysts and relevant authorities. They recommended immediate review of high-volume IT contracting accounts flagged as suspicious and suggested stronger identity verification, transaction monitoring and follow-up audits on freelance platforms.
Security professionals note that some sanctioned states use cyber activity and online services to earn foreign currency. Platform operators face detection challenges because delivered work can meet client requirements; identifying centralized control requires technical indicators, document trails and behavioral analysis.
The disclosure does not include formal attribution by government agencies. The researcher acknowledged limits on what could be proven publicly without exposing sources and methods and said the materials provided to investigators could support further action.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
