October 20, 2023 at 05:03AM
The U.S. government has seized 17 website domains used by North Korean IT workers who engaged in fraudulent activities, evaded sanctions, and funded the country’s ballistic missile program. The Department of Justice confiscated $1.5 million of revenue collected by these workers. The workers primarily reside in China and Russia and use fake identities to deceive companies into hiring them. They are part of the Munitions Industry Department of North Korea’s Workers’ Party of Korea. The seized websites posed as U.S.-based IT service companies to conceal the true identities of North Korean actors. The FBI has issued guidance on the tactics used by these IT workers.
Summary:
The U.S. government has seized 17 website domains used by North Korean IT workers involved in a scheme to defraud businesses, evade sanctions, and fund the country’s ballistic missile program. The Department of Justice (DoJ) confiscated $1.5 million of the revenue collected by these IT workers. The workers primarily live in China and Russia and deceive companies in the U.S. and elsewhere, generating millions of dollars in illicit revenues. These workers are assessed to be part of the Munitions Industry Department of North Korea’s Workers’ Party of Korea (WPK) and are deployed both domestically and abroad. They acquire contracts from clients globally and sometimes pretend to be based in the U.S. or other countries. The seized website domains masqueraded as legitimate U.S.-based IT services companies but were actually associated with previously sanctioned Chinese and Russian companies. The FBI issued guidance on the new tradecraft used by these IT workers, highlighting coding test cheating and threats to release source code if additional payments are not made. Employers are advised to be cautious about whom they hire and to whom they grant access to their IT systems, to avoid funding North Korea’s weapons program and to reduce the risk of data theft or extortion.
Key Takeaways:
1. The U.S. government has seized 17 website domains used by North Korean IT workers involved in a fraudulent scheme.
2. The workers primarily live in China and Russia and deceive companies to generate illicit revenues.
3. They are assessed to be part of the Munitions Industry Department of North Korea’s Workers’ Party of Korea.
4. The seized domains masqueraded as legitimate U.S.-based IT services companies but were associated with previously sanctioned Chinese and Russian firms.
5. The FBI issued guidance on the new tradecraft used by these IT workers, emphasizing coding test cheating and threats to release source code.
6. Employers should exercise caution when hiring and granting IT system access, to avoid funding North Korea’s weapons program and to reduce the risk of data theft or extortion.