Financial Crime World

CYBER THREAT: KOREAN IT WORKERS’ FRAUDULENT SCHEME EXPOSED

A Sophisticated Scheme Uncovered by U.S. Department of Justice

A complex cyber threat scheme orchestrated by Democratic People’s Republic of Korea (DPRK) information technology (IT) workers has been exposed, posing significant risks to individuals and businesses in South Korea.

The Scheme: Thousands of IT Workers Defrauding U.S. Businesses

According to the U.S. Department of Justice, DPRK IT workers used 17 website domains to:

  • Defraud U.S. and foreign businesses
  • Evade sanctions
  • Fund the development of the DPRK government’s weapons program

The scheme involved dispatching thousands of skilled IT workers to live abroad, primarily in China and Russia, with the aim of deceiving U.S. and other businesses into hiring them as freelance IT workers.

The Consequences: Millions of Dollars and National Security at Risk

“The seizures announced today protect U.S. companies from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance that regime’s weapons program,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division.

The scheme has been ongoing for years and relies on pseudonymous email, social media, payment platform, and online job site accounts, as well as false websites and proxy computers located in the United States and elsewhere. The DPRK IT workers have generated millions of dollars a year on behalf of designated entities, such as the North Korean Ministry of Defense and others, directly involved in the DPRK’s UN-prohibited weapons of mass destruction (WMD) programs.

U.S. Government Takes Action: Seizing Revenue and Denying Access to Online Freelance Work

The U.S. government has seized $1.5 million of the revenue collected by the DPRK IT workers and has developed public-private information-sharing partnerships to deny them access to their preferred online freelance work and payment service providers.

Warning for Employers in South Korea: Be Cautious When Hiring Remote IT Workers

Employers in South Korea are being warned to be cautious when hiring remote IT workers, as they may unknowingly be helping to fund North Korea’s weapons program or allowing hackers to steal their data or extort them down the line.

“The Democratic People’s Republic of Korea has flooded the global marketplace with ill-intentioned information technology workers to indirectly fund its ballistic missile program,” said Special Agent in Charge Jay Greenberg of the FBI St. Louis Division. “The seizing of these fraudulent domains helps protect companies from unknowingly hiring these bad actors and potentially damaging their business.”

Additional Proactive Steps for Businesses

The U.S. government is urging businesses to take additional proactive steps when hiring remote IT workers, such as:

  • Verifying their identities
  • Conducting background checks

Investigation Ongoing: National Security Division, FBI, and U.S. Attorney’s Office Collaborating

In a statement, the National Security Division’s National Security Cyber Section and the U.S. Attorney’s Office for the Eastern District of Missouri said they are investigating this case, with the assistance of the FBI’s St. Louis Field Office and the FBI Cyber Division.