Morrison Foerster is an international law firm with lawyers practicing throughout the United States, Asia, and Europe. Click to discover more.

mofo_share_image.jpg

Morrison Foerster

common-default.jpeg

Terms / Notices

Cookies

Privacy Policy

Reporting Hotline

Attorney Advertising

Alumni

  Linkedin

MoFo LinkedIN

  Facebook

MoFo Facebook

YouTube

MoFo Youtube

Morrison Foerster - Footer

North Korean IT Workers: Recent Developments, Risks & Best Practices

You have not solved the recaptcha challenge yet or session expired, try again.

Email Disclaimer

Disclaimer

Unsolicited e-mails and information sent to Morrison Foerster will not be considered confidential, may be disclosed to others pursuant to our <a href="https://www.mofo.com/about/privacy-policy.html">Privacy Policy</a>, may not receive a response, and do not create an attorney-client relationship with Morrison Foerster. If you are not already a client of Morrison Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

Feedback

mofo-logo-2022.svg

People

Capabilities

Resources

About

Community

Offices

Careers

Stay Connected

Increasingly, the DPRK is disguising remote North Korean IT workers as U.S. based contractors—allowing them to evade U.S....

<h3>Sorry, we weren’t able to find the terms you entered.</h3>Please try a different term or keyword.

People

Capabilities

Resources

Not Found Cards

Increasingly, the DPRK is disguising remote North Korean IT workers as U.S. based contractors—allowing them to evade U.S. sanctions, generate revenue for the regime, and potentially compromise networks. In this webinar, MoFo attorneys Miriam Wugmeister, David Newman (former Principal Deputy Assistant Attorney General for National Security at U.S. Department of Justice (DOJ)), and Brandon Van Grack (former Chief of Foreign Agents Registration Act Unit at DOJ) will unpack the legal and compliance challenges that this creates for in-house counsel and offer guidance on detection, remediation, and sanctions risk mitigation.This webinar will be one of three that MoFo’s Privacy + Data Security team is hosting during Cybersecurity Month 2025. Learn more about the other programs below:<a href="https://www.veracast.com/webcasts/mofo/mcle-programs/V7AL4z.cfm" target="_blank">The Lawyer’s Field Guide to Cybersecurity Incidents</a>October 7, 1:00 – 2:00 p.m. ET<a href="https://www.veracast.com/webcasts/mofo/mcle-programs/X12F28.cfm" target="_blank">CTRL+ALT+DEFEND: Insights on Emerging Threats and Best Practices for Cyber Risk Mitigation</a>October 29, 1:00 – 2:00 p.m. ET<hr>

Sign Up

Few lawyers in the world have Miriam’s breadth and understanding of privacy and data security laws, obligations, and practices. As co-chair of Morrison Foerster’s preeminent global Data, Cyber + Privacy Group, leading 60+ lawyers, Miriam is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy and cybersecurity challenges. Miriam is a trusted advisor who provides legal and strategic advice on all areas of international privacy and data protection issues. She works with global companies on the planning and execution of complex global compliance efforts and helps them find practical solutions to use and manage personal information in every country in the world. She also defends regulatory matters relating to privacy and cybersecurity in the United States and internationally and advises on the Department of Justice Bulk Data Rules. Her counsel is particularly prized for cybersecurity preparedness and breach response. Miriam and her team have navigated some of the largest and most consequential cybersecurity incidents in history, including assisting Mandiant when it discovered and warned the world about the SolarWinds compromise. Having helped hundreds of clients respond to breaches, Miriam is frequently called upon to advise and educate boards of directors regarding cybersecurity and the key role that boards play in understanding and overseeing the potential risks. Miriam works with companies to develop comprehensive customized incident response plans, train staff, conduct extensive tabletop exercises, and address key issues with executive management. While she regularly advises clients on responses to ransomware attacks and other cyber extortion incidents, she works on all aspects that arise in the context of large security incidents, including communication strategies, notifications to customers, consumers, and regulators; public disclosures; interactions with law enforcement globally; litigation; and investigations by regulators around the world.Miriam serves as a board member of the ADP AI & Data Ethics Committee and is a leader in MoFo’s AI Group, a cross-practice team that provides sophisticated, full-service representation to a wide range of clients with companies that both develop and use cutting-edge, rapidly changing technology in the AI space. Miriam uses her extensive industry experience and collaborative global approach to help her clients integrate the newest trends and developments in AI with their business needs.Recognized as a market leader by all major directories, Miriam has been ranked in the top tier of privacy and data security lawyers worldwide by Chambers USA and Chambers Global for well over a decade. She was an inaugural inductee into The Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as The Legal 500’s Leading Lawyers for the last six consecutive years. The Cybersecurity Docket has recognized Miriam as one of its Incident Response 50, a list of the top data breach response lawyers globally. She has been named one of Financial Times’ Top 10 Innovative Lawyers in North America and a National Law Journal Cybersecurity and Data Privacy Trailblazer for her breakthrough work in this space. Miriam was also previously designated as an Ethisphere Attorney Who Matters and a BTI Client Service All-Star. A frequent commentator on cybersecurity, she has been interviewed by media outlets including CNBC, The New York Times, and The Wall Street Journal, among many others.

Miriam Wugmeister

Partner

Brandon L. Van Grack co-chairs Morrison Foerster’s National Security and Crisis Management groups. His practice focuses on investigations, criminal defense, and compliance matters involving export controls and sanctions, foreign investment, and cyber incidents. Brandon’s arrival to the firm follows more than a decade of service at the U.S. Department of Justice (DOJ), where he held multiple senior positions. In those positions, he helped manage the U.S. government’s tools to address perceived national security threats in China and Russia, oversaw every criminal investigation involving sanctions and export controls, and was Chief of DOJ’s Foreign Agents Registration Act (FARA) Unit.Brandon’s leadership and breadth of national security experience offers clients in the financial services, technology, artificial intelligence, defense, media, and communications sectors unmatched insider enforcement perspective across the entire national security landscape, including sanctions, the Committee on Foreign Investment in the United States (CFIUS), export control, cybersecurity matters, and FARA.<blockquote>“Brandon sees around corners. He tells me where the government is going.” – Chambers USA</blockquote><h4>Investigations & White Collar Defense </h4>At the DOJ, Brandon led and supervised some of the government’s most significant corporate investigations and resolutions across the national security spectrum. As Counsel to the Assistant Attorney General for National Security, and a Trial Attorney in the Counterintelligence & Export Control Section, he worked on the resolution of almost every significant corporate matter pertaining to export control and sanctions violations in the last decade and is one of the few attorneys to have managed the DOJ’s Voluntary Self‑Disclosure Program for export control and sanctions violations. As Chief of the FARA Unit, he directed scores of investigations of companies for acting as unregistered foreign agents. A selection of Brandon’s investigation & white collar defense experience includes:<ul><li>Obtained closure letter from DOJ for Cole Engineering Services, a subsidiary of By Light Professional IT Services LLC, less than six months after federal agents executed a search warrant at the company as part of a DOJ investigation.</li><li>Obtained declination from DOJ’s Criminal Fraud Section and United States Attorney’s Office for a prominent advertising and marketing agency concerning allegations that the company insiders improperly obtained and used Paycheck Protection Program (PPP) funds.</li></ul><h4>Sanctions, Export Control, & Foreign Investment</h4>As Counsel to the Assistant Attorney General, Brandon oversaw every criminal investigation involving export control and sanctions and led the DOJ’s response to the Obama Administration’s rollback of sanctions targeting Iran—the Joint Comprehensive Plan of Action (JCPOA). As a Trial Attorney, he prosecuted more than 30 export control and sanctions cases, including first-ever cases involving North Korea, weapons of mass destruction, and the Atomic Energy Act. In the first Trump Administration, Brandon led DOJ’s review of transactions involving foreign influence before CFIUS and Team Telecom; he also managed the DOJ’s review of transactions before CFIUS during the Obama Administration. A selection of Brandon’s sanctions, export control, & foreign investment experience includes:<ul><li>Obtained declination from DOJ and Department of State for individual accused of violating the International Traffic in Arms Regulations (ITAR) and brokering.  </li><li>Obtained declination from DOJ for CEO of a global technology company subject to criminal and civil investigations into alleged violations of the Export Administration Regulations (EAR).</li><li>Obtained license on an expedited timeline from the Bureau of Industry and Security (BIS) for a U.S. technology and manufacturing company to winddown operations in Russia.</li><li>Represent global retailer to conduct internal investigation and draft disclosures to civil authorities pertaining to potential apparent violations of U.S. sanctions and export controls laws.</li><li>Developed U.S. sanctions compliance program for artificial intelligence company and advised on implementation, including ongoing support for compliance processes and procedures.</li><li>Led internal investigation and submitted response to OFAC subpoena for software development company regarding potential violations of multiple sanctions programs; obtained cautionary letter.</li><li>Conducted international investigation concerning federal and state material support statutes as well as related sanctions issues for prominent international organization.</li><li>Represented cryptocurrency exchange before CFIUS in one of the largest cryptocurrency-related transactions and first filing involving digital assets before the Committee.</li><li>Represented Kahoot!, a global learning platform company based in Norway, in CFIUS matters related to its acquisition of Clever Inc.</li></ul><h4>FARA & the Lobbying Disclosure Act</h4>As Chief of the FARA Unit in the first Trump Administration, and the first official to supervise all foreign influence matters across the DOJ, Brandon revitalized and transformed the enforcement of FARA. Following the DOJ’s announcement making FARA an enforcement priority, he supervised a team of 40 attorneys and staff that opened a record number of investigations, pursued a record number of enforcement actions, secured a record number of registrations, and obtained the first civil injunction involving FARA in nearly three decades. Brandon also directed the review of Lobbying Disclosure Act (LDA) filings for criminal violations and regulated the exemption under FARA for LDA registrants. He also wrote the book on FARA enforcement for the American Bar Association. A selection of Brandon’s FARA & Lobbying Disclosure Act experience includes:<ul><li>Obtained first-ever closure letter from DOJ FARA Unit for a technology company under investigation for potential FARA violations.</li><li>Obtained declination from DOJ for sports organization in connection with a FARA investigation. </li></ul><h4>Cybersecurity </h4>As a long-time prosecutor, including as a Special Assistant U.S. Attorney for the U.S. Attorney’s Office for the Eastern District of Virginia, Brandon directed complex cyber investigations, including multiple matters involving state-sponsored cyber attacks. He prosecuted the first person convicted as a cyberterrorist and led the investigation of an international hacking group for identity theft, extortion, and dozens of spearphishing attacks against public and private entities. He also collaborated with other government agencies, such as the Securities and Exchange Commission, Federal Bureau of Investigation, and the Department of Homeland Security, to facilitate cooperation from corporate victims and disseminate threat information. A selection of Brandon’s cybersecurity experience includes:<ul><li>Obtained assistance from FBI and local enforcement for a data and analytics firm to disrupt cyber-enabled campaign of former employee targeting customers.</li></ul>During his time at the DOJ, Brandon handled the entire range of national security matters. He led and supervised investigations and prosecutions involving espionage, economic espionage, mishandling of classified information, and theft of trade secrets. He also directed investigations involving treason, mutiny, the Neutrality Act, and the Logan Act, and worked closely with the Department of Education on matters pertaining foreign influence, foreign funding, and national security.Brandon has been widely recognized for his deep experience in handling national security matters, and keynotes and speaks at industry conferences involving export control and sanctions, CFIUS, FARA, and political law. He has received numerous awards for his work, including the Attorney General’s Award for Distinguished Service (2018), the FBI Director’s Award for Outstanding Cyber Investigation (2017), the Director of National Counterintelligence’s Award for Excellence (2019), the Homeland Security Investigations Executive Associate Director’s Award for Outstanding Counterproliferation Investigation (2014), and five awards from the Assistant Attorney General for National Security.Brandon regularly provides insight on national security issues and DOJ matters with national media. He is a frequent contributor on cable news, including MSNBC’s The Rachel Maddow Show, Deadline: Whitehouse and All In with Chris Hayes, ABC's Good Morning America, NBC's Meet the Press, CNN, BBC News, Sky News and NHK World. He also regularly appears on NPR’s Morning Edition. He has been quoted on a variety of national security topics in the Wall Street Journal, New York Times, and Washington Post, among others,Brandon is also a Contributing Editor to the Lawfare blog and co-host of <a href="https://www.lawfaremedia.org/podcasts-multimedia/podcast/the-regulators-series" target="_blank">The Regulators</a> podcast, where he speaks with key U.S. government regulators in the national security space, including leaders at OFAC, CFIUS, the Bureau of Industry and Security, DOJ, FinCEN, the Office of Information and Communications Technology and Services (ICTS), and FBI.

Brandon L. Van Grack

David Newman serves as co-chair of the firm’s National Security and Crisis Management practices, drawing upon his deep experience in private practice and as a senior U.S. Department of Justice (DOJ) and White House official to represent clients in high stakes matters involving national security, geopolitical risk, emerging technology, and crisis management. David also leads the firm’s interdisciplinary Government Strategies group.A former Principal Deputy Assistant Attorney General for National Security (PDAAG) and Associate Deputy Attorney General, David advises companies navigating cybersecurity incidents, sanctions and export control enforcement, Committee on Foreign Investments in the United States (CFIUS) reviews, and Foreign Agents Registration Act (FARA) investigations. He has extensive experience conducting internal and government-facing cross-border investigations and representing clients in congressional inquiries and hearings.David co-founded the firm’s innovative Crisis Management practice nearly a decade ago, serving as a go-to resource for clients facing legal scrutiny by government agencies around the world. Drawing on his background working on complex and sensitive matters in private practice and at the highest levels of the U.S. government, he understands how regulators and prosecutors think, enabling him to provide highly strategic counsel to clients across a broad range of industries. He has frequently served as a liaison between clients and government agencies, including DOJ, the FBI, and other U.S. national security and intelligence agencies, and counseled clients on emerging regulation involving new technologies. For his work advising companies on how to navigate the COVID-19 pandemic, he was named a <a href="/resources/news/200901-national-law-journal-david-newman" target="_self">“Trailblazer” by the National Law Journal</a> in 2020. With the change in administration in 2021, David returned to DOJ to serve in a “day one” leadership role. From 2021 to 2022, he served as Associate Deputy Attorney General. From 2022 to 2025, he served as PDAAG, DOJ’s second highest-ranking national security official, supervising the work of nearly 300 career attorneys in DOJ’s National Security Division (NSD) with engagement across virtually all aspects of NSD’s portfolio, including supervision of DOJ’s criminal enforcement programs for sanctions, export controls, counterterrorism, counterespionage, and FARA. During his tenure, NSD created the “NatSecCyber” section, the first new litigating section in NSD’s history with a mission to centralize DOJ’s prosecutions and disruptions of national security cyber threats emanating from China, Russia, Iran, and North Korea (among other U.S. adversaries); restructured and expanded NSD’s corporate enforcement program; and spearheaded the U.S. government’s approach to countering the threats posed by foreign adversary access to Americans’ sensitive bulk data. In addition to his work supervising investigations and prosecutions, David served for more than two years as DOJ’s regular representative to Assistant Secretary meetings of CFIUS; represented DOJ at dozens of National Security Council (NSC) meetings; and led administration-wide initiatives involving emerging technology, bulk data security, and countering foreign malign influence and transnational repression. In private practice, David has routinely advised clients on cybersecurity and data privacy matters including sensitive issues involving incident preparedness and response, emerging technology regulation, and economic espionage. In 2024, he delivered the capstone address at the U.S. Cyber Command Annual Legal Conference, in which he highlighted DOJ’s work countering nation state cyber threats. He has testified before Congress on the threats to national security posed by emerging technology, including serving as lead briefer for an all Member briefing on proposed legislation to address the national security risks posed by TikTok and other foreign adversary-controlled social media applications. He also served as the U.S. government’s lead representative in international meetings and initiatives to address the evolving threat landscape of foreign malign influence and transnational repression. Named several years ago as one of the top “40 under 40” figures in the data law bar around the world by Global Data Review, David’s commentary and thought leadership on law and technology have appeared in and been quoted in CNBC, The Wall Street Journal, Bloomberg, Corporate Counsel, Ethisphere, and Wired Magazine, among other publications. A former law clerk on the U.S. Supreme Court, David is routinely asked to advise clients on both the near-term and long-term implications of unsettled legal questions at the intersection of law and emerging technology.David’s practice also extends to advising on congressional oversight matters related to national security and emerging technology, including responding to congressional inquiries on behalf of large, multinational companies and preparing individuals for interviews and testimony in connection with congressional hearings and investigations. While in private practice, David advised leading company executives and other prominent individuals related to high-profile hearings and investigations of the Senate and House Judiciary Committee, among other congressional committees. In his positions in government, David regularly briefed congressional members and staff on sensitive national security developments and coordinated briefings and responses to congressional inquiries involving administration priorities.Earlier in his career, David held key national security legal and policy posts at the White House, including serving as Special Assistant and Associate Counsel to President Obama (2015–2017) and in multiple roles on the NSC staff (2013–2015). Throughout his tenure at the White House, David played a central role in coordinating the administration’s response to domestic and international crises including serving as Director for Counterterrorism, Acting Deputy Legal Advisor, and as Chief of Staff in the Office of the Ebola Response Coordinator. In his White House posts, David regularly advised the president and other senior administration officials on a range of complex matters affecting the federal government and oversaw a broad portfolio that spanned national security priorities, crisis response and preparedness planning, new data and technology initiatives, criminal justice policy, and civil rights litigation. He also helped the National Security Council to coordinate the U.S. government’s response to the largest Ebola outbreak in recorded history.David began his Executive Branch tenure as a career attorney in DOJ’s NSD. In his role as counsel to the Assistant Attorney General for National Security from 2011 to 2013, David helped counsel senior officials within DOJ and across the U.S. government on a wide array of matters—from high profile terrorism investigations and litigation involving government surveillance programs to matters before CFIUS. Prior to his Executive Branch service, David clerked for Justice Ruth Bader Ginsburg of the U.S. Supreme Court, Judge Robert A. Katzmann of the U.S. Court of Appeals for the Second Circuit, and Judge Jed S. Rakoff of the U.S. District Court for the Southern District of New York, and he also served as a litigator in private practice at an international law firm.David received his J.D. from Yale Law School and his B.A. summa cum laude from Columbia University.<h4>Selected Private Practice Matters</h4><ul><li>Advising a major U.S. telecommunications company that successfully obtained national security and other regulatory approvals at the federal and state levels in connection with a proposed merger.</li><li>Advising a major U.S. technology company facing exposure of sensitive customer information by a third-party vendor on its response to a vulnerability disclosure report.</li><li>Representing a leading U.S. company in a high-profile, multijurisdictional, government-facing bribery investigation in Africa.</li><li>Conducting cybersecurity tabletop exercises at the operator, executive, and board levels for Fortune 500 organizations in the healthcare, retail, and pharmaceutical sectors.</li><li>Counseling a major U.S. media company on cybersecurity matters.</li><li>Coordinating the work of an independent corporate compliance monitor for a large South American company in the wake of a multijurisdictional resolution with DOJ.</li><li>Advising a non-U.S. investor on CFIUS strategy and other regulatory issues arising out of a multi billion dollar investment in a major U.S. company.</li><li>Conducting pre-investment and pre-acquisition CFIUS due diligence in several multi-billion-dollar transactions in which a non-U.S. investor pursued positions in leading and emerging technology companies.</li></ul>

David Newman

Data, Cyber + Privacy

Register

North Korean IT Workers: Recent Developments, Risks & Best Practices

21 Oct 2025 1:00 PM - 2:00 PM EDT