Financial Crime World

US Seizes Websites Used by North Korean IT Workers to Defraud Businesses

In a significant move against fraudulent activities in banking, the United States has seized 17 website domains used by North Korean information technology (IT) workers to defraud US and foreign businesses.

Background

According to court documents, the IT workers were dispatched from the Democratic People’s Republic of Korea (DPRK) to live abroad, primarily in China and Russia, with the aim of deceiving businesses worldwide into hiring them as freelance IT workers. The scheme, which involved the use of pseudonymous email, social media, payment platforms, and online job site accounts, generated millions of dollars a year for the DPRK’s weapons of mass destruction programs.

Operation

The seized website domains were designed to appear as legitimate US-based IT services companies, allowing the North Korean IT workers to hide their true identities and location. The group, which works for Yanbian Silverstar Network Technology Co. Ltd., based in China, and Volasys Silver Star, based in Russia, had previously been sanctioned by the Department of the Treasury in 2018.

Reaction from Authorities

Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said:

“The seizures announced today protect US companies from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance the regime’s weapons program.”

Assistant Director Bryan Vorndran of the FBI’s Cyber Division added:

“Today’s seizures exemplify our commitment to working with our federal and international partners to recognize and disrupt the threat from illicit actors working on behalf of the Democratic People’s Republic of Korea.”

Private Sector Partnerships

The US government has been working closely with private sector partners to protect businesses from this type of fraud. They have also partnered with South Korea to provide threat information about fraudulent DPRK IT worker activity.

Special Agent in Charge Jay Greenberg of the FBI St. Louis Division warned:

“Companies must be vigilant to verify whom they’re hiring and take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities.”

Ongoing Investigation

The investigation is ongoing, led by the National Security Division’s National Security Cyber Section and the US Attorney’s Office for the Eastern District of Missouri.