North Korean information technology freelancers are taking advantage of skills shortages around the world to pick up lucrative contracts that earn the authoritarian nation much-needed foreign exchange, the United States warned.
Individually, North Korean IT workers can bring in more than US$300,000 (A$431,600) with teams earning 10 times that amount.
However, the workers themselves see little of the wages they earn, as the North Korean government withholds up to 90 percent of the earnings.
Workers are also subject to human trafficking, forced labour, made to work excessive hours under close surveillance by government security agents, and unsafe and unsanitary living conditions, the US said.
In total, the US estimates that IT workers bring in hundreds of millions of dollars for the North Korean government, which is accused of using the funds to develop nuclear arms and weapons of mass destruction.
The North Korean IT workers use various ruses to gain employment, US agencies said in a joint advisory [pdf].
They target freelance contracts on offer in North America, Europe and East Asia, while representing themselves as being South Korean, Chinese, Japanese, Eastern European or US-based remote workers.
North Koreans have also attempted to obfuscate their identities by creating arrangements with other third-party subcontractors and online freelance platforms to hide their nationalities, the US said.
Forged and stolen identification credentials are also used by North Korean developers to cover up their identities.
The North Korean IT workers target a wide range of work, from mobile and web application development to animation, general support, online gambling, hardware and firmware, database management and virtual reality.
Although the IT workers normally engage in non-malicious assignments, some have used their privileged access to enable North Korean cyber intrusions, the US said.
Others are also said to have assisted North Korea in procuring weapons of mass destruction and ballistic missile related items for the country's prohibited arms program.
Over the past few years, the North Korean regime under its supreme leader Kim Jong Un has placed increased focus on IT training and education, with scores of academic programs made available to tens of thousands of university students.
Hiring North Korean IT staff exposes organisations and individuals to potential legal consequences such as US and United Nations sanctions, along with reputational risks, the American authorities warned.
The US is asking organisations to better verify documents presented by employment candidates, use video interviews and apply technical measures such as checking if applicants access freelance platforms remotely through desktop sharing software, or virtual private networking applications.
