Financial Crime World

Seized Website Domains: FBI and DOJ Disrupt North Korean IT Workers’ Global Fraud Scheme

The Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ) announced on Oct. 17 the seizure of 17 domain names linked to Democratic People’s Republic of Korea (DPRK) IT workers involved in a global fraud scheme. This initiative aims to:

  • Protect U.S. and foreign businesses from North Korean cyber intrusions
  • Safeguard against the financing of the DPRK’s dangerous weapons programs

FBI and DOJ Initiatives to Combat North Korean Fraud

The seizure follows:

  • Previous court-authorized seizures of roughly $1.5 million in revenue
  • Establishment of partnerships with private companies

Assistant Attorney General Matthew G. Olsen of the DOJ’s National Security Division stated, “These seizures protect American businesses from North Korean cyber intrusions and safeguard against the financing of the regime’s weapons programs.”

Assistant Director Bryan Vorndran from the FBI’s Cyber Division added, “Today’s actions exemplify our dedication to cooperating with international partners to recognize and disrupt threats from actors working on behalf of the Democratic People’s Republic of Korea.”

Caution for U.S. Businesses

Employers were urged to:

  • Be vigilant about who they hire
  • Grant system access only to trusted individuals

Employers must be vigilant about who they hire and grant system access to, as they could be inadvertently funding North Korea’s weapons program or exposing their data and assets to potential hacks and extortion, according to U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri.

North Korean IT Workers’ Global Fraud Scheme

Between 2018 and 2023, the DPRK reportedly dispatched over 10,000 IT workers abroad. They misrepresented themselves as legitimate IT workers, often:

  • Misrepresenting their identities with pseudonymous accounts and false websites
  • Gaining unauthorized access to networks for potential future hacking and extortion schemes

Around the world, these IT workers generated millions of dollars annually for the North Korean Ministry of Defense and other Weapons of Mass Destruction (WMD) programs.

The Seized Domains and their Purpose

The seized domains were designed to appear as those of legitimate IT companies in the U.S. They enabled North Korean IT workers to conceal their identities while applying for online freelance jobs. Two companies, Yanbian Silverstar Network Technology Co. Ltd. and Volasys Silver Star, were involved in these fraudulent schemes. They had been sanctioned by the Department of the Treasury since 2018. The fraudulently acquired income was channeled back to the DPRK through online payment services and Chinese bank accounts.

International Collaboration Against the DPRK IT Worker Threat

Since 2022, the U.S. has collaborated with South Korea by:

  • Providing threat intelligence on fraudulent DPRK IT worker activity
  • Hosting joint symposiums with the U.S. Department of State and the ROK
  • Engaging in private-public partnerships to combat the DPRK IT worker threat

The collaborative efforts led to:

  • Independent investigations
  • Improved fraud detection mechanisms
  • Termination of thousands of previously unidentified fraudulent accounts

The FBI and DOJ’s National Security Cyber Section and the U.S. Attorney’s Office for the Eastern District of Missouri are handling the investigation, with the FBI’s St. Louis Field Office conducting the case on behalf of the FBI Cyber Division.