Financial Crime World

Korea’s Cybercrime Threat: US Seizes 17 Website Domains Used by North Korean IT Workers to Defraud Businesses and Fund Weapons Program

The United States has taken a significant step in cracking down on cybercrime by seizing 17 website domains used by Democratic People’s Republic of Korea (DPRK) information technology workers to defraud U.S. and foreign businesses and fund the development of Pyongyang’s weapons program.

Background

This move follows previous seizures of approximately $1.5 million in revenue collected from unwitting victims and the establishment of public-private partnerships to deny the IT workers access to online freelance work and payment service providers.

Statement by Assistant Attorney General Matthew G. Olsen

Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said that the seizures will protect U.S. companies from being infiltrated with North Korean computer code and ensure that American businesses are not used to finance Pyongyang’s weapons program.

Key Takeaways

  • The seized website domains were used by a group of DPRK IT workers who posed as freelance IT workers on online job sites and payment platforms.
  • These IT workers generated millions of dollars in revenue for Pyongyang’s weapons program, including ballistic missile development.
  • The U.S. government has warned that these IT workers have infiltrated the computer networks of unwitting employers to steal information and maintain access for future hacking and extortion schemes.

The DPRK Cybercrime Scheme

The DPRK’s cybercrime scheme is widespread, with thousands of skilled IT workers dispatched abroad, primarily to China and Russia, to deceive businesses worldwide into hiring them as freelance IT workers. The U.S. government described this scheme in a May 2022 advisory and has provided updates on the threat to U.S. companies.

U.S.-ROK Partnership

Efforts to disrupt the DPRK IT worker threat are not limited to the U.S. government alone. Since 2022, the United States has partnered with the Republic of Korea (ROK) to provide threat information about fraudulent DPRK IT worker activity to multiple U.S.-based online freelance work and payment service platforms used by the IT workers.

Investigation

The National Security Division’s National Security Cyber Section and the U.S. Attorney’s Office for the Eastern District of Missouri are investigating this case, with the assistance of the FBI’s St. Louis Field Office and the FBI Cyber Division.

Quotes

  • “We are committed to working with private sector partners to protect U.S. business from this kind of fraud, to enhance our collective cybersecurity, and to disrupt the funds fueling North Korean missiles,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.