Financial Fraud Scheme Exposed: US Seizes 17 Domains Used by North Korean IT Workers to Fund Weapons Program
Major Crackdown on Financial Fraud
The United States has taken a significant step in cracking down on financial fraud by seizing 17 website domains used by Democratic People’s Republic of Korea (DPRK) information technology workers. These workers, based primarily in China and Russia, were dispatched by the DPRK government to defraud U.S. and foreign businesses, evade sanctions, and fund the development of the DPRK’s weapons program.
Scheme Details
The scheme involved using pseudonymous email, social media, payment platform, and online job site accounts, as well as false websites, proxy computers located in the United States and elsewhere, and witting and unwitting third parties. The IT workers generated millions of dollars a year on behalf of designated entities, such as the North Korean Ministry of Defense, that are directly involved in the DPRK’s UN-prohibited WMD programs.
Infiltration and Theft
In some instances, the IT workers also infiltrated the computer networks of unwitting employers to steal information and maintain access for future hacking and extortion schemes.
US Government Response
The U.S. government has been working with private sector partners to protect U.S. businesses from this kind of fraud. Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division stated, “The seizures announced today protect U.S. companies from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance that regime’s weapons program.”
International Cooperation
The efforts to disrupt the DPRK IT worker threat are not limited to those of the U.S. government. Since 2022, the United States has partnered with the Republic of Korea (ROK) to provide threat information about fraudulent DPRK IT worker activity to multiple U.S.-based online freelance work and payment service platforms used by the IT workers.
What You Can Do
Experts warn that employers need to be cautious about who they are hiring and who they are allowing to access their IT systems. Unwittingly hiring these bad actors can fund North Korea’s weapons program or allow hackers to steal data or extort companies.
- Be vigilant when hiring freelance workers, especially those with foreign connections.
- Verify the identity of potential employees and check their references.
- Monitor your company’s IT systems for suspicious activity.
- Report any suspected DPRK IT worker activities to your local FBI field office.
Conclusion
The seizure of 17 website domains used by North Korean IT workers is a significant blow to their financial fraud scheme. It highlights the importance of international cooperation and vigilance in preventing and combating these types of threats. Employers must remain cautious and take steps to protect themselves from these bad actors, while also working with law enforcement agencies to disrupt and dismantle these schemes.