US charges 14 members of North Korean IT worker scam that bagged $88 million in six years


More than a dozen North Korean nationals suspected of operating a social engineering scam posing as fake IT staff have been indicted in the US, after generating serious income for the DPRK.

A federal court in St. Louis, Missouri formally charged 14 individuals with “long-running conspiracies to violate US sanctions and to commit wire fraud, money laundering, and identity theft”.

The group is accused of working for two DPRK-controlled businesses called Yanbian Silverstar and Volasys Silverstar located in China and Russia, which used fake, stolen, or ‘borrowed’ citizen identities from the US and elsewhere to get work as remote IT workers for US firms.

According to the Department of Justice (DoJ), some of the 14 were ordered by their superiors to earn a minimum of $10,000 per month in their positions.

In some cases, the individuals were said to have supplemented their employment earnings by stealing sensitive information such as proprietary source code from their employers, and then extorting them to prevent it being leaked.

The DoJ said the campaign had generated in excess of $88 million throughout the approximately six years it had been in operation, with the proceeds being sent back to DPRK-controlled accounts based in China.

“To prop up its brutal regime, the North Korean government directs IT workers to gain employment through fraud, steal sensitive information from U.S. companies, and siphon money back to the DPRK,” said Deputy Attorney General Lisa Monaco.

“This indictment of 14 North Korean nationals exposes their alleged sanctions evasion and should serve as a warning to companies around the globe — be on alert for this malicious activity by the DPRK regime.”

Front companies employed 130 North Korean ‘IT Warriors’

Summarizing the activity carried out by the group named in the indictment, the DoJ cited a May 2022 advisory from the State Department and FBI that asserted the operation encompassed thousands of ‘highly skilled’ IT workers embedded in organizations around the world.

“The DPRK has dispatched thousands of highly-skilled information technology workers around the world, earning revenue that contributes to the DPRK’s weapons programs, in violation of US and UN sanctions,” the indictment reads.

The two companies named in the indictment were said to employ at least 130 DPRK-linked IT workers who refer to themselves as ‘IT Warriors’.

In August, security awareness firm KnowBe4 revealed it had unknowingly been employing one such ‘IT Warrior’, who was able to infiltrate the firm posing as a remote software engineer based in the US.

Stu Sjouwerman, CEO at KnowBe4, detailed the case in a blog post, stating the firm only discovered they had a malicious insider after their EDR software detected the individual had started loading malware as soon as they had received their Mac workstation.

Fortunately in this case KnowBe4 caught the culprit before they could steal any data or compromise any systems, but Sjouwerman warned the incident could have had potentially devastating consequences.

The indictment added that the accused had enlisted individuals from the US to purchase or receive laptops from the target organizations and install remote access programs on them so it would appear they were logging in from the US.

In August the DoJ charged Matthew Isaac Knoot with running one laptop farm for a fake IT worker campaign in Nashville.

The arrest was one of the first made under the DPRK RevGen: Domestic Enabler initiative, launched in March 2024, when US law enforcement announced they were “prioritizing the identification and shuttering of US-based ‘laptop farms’”.

