The United States Justice Department has claimed that North Korean nationals have been working remotely for US companies, operating under false identities. The earnings from these activities are alleged to be channeled towards funding weapons of mass destruction programs.
These individuals purportedly utilized fabricated information for emails, payment platforms, and websites. They even went to the extent of compensating Americans for the use of their Wi-Fi and setting up proxy computers through these connections.
$1.5 Million in Earnings
The FBI said that it has secured approximately $1.5 million in earnings from these workers in prior covert seizures conducted in October 2022 and January 2023.
As per the statement issued by the DOJ, on October 17, in accordance with a court order in the Eastern District of Missouri, the United States confiscated 17 website domains that were exploited by North Korean IT workers.
These workers were allegedly part of a scheme to defraud US and foreign businesses, evade sanctions, and fund the development of North Korea's weapons program.
This move followed earlier sealed seizures in October 2022 and January 2023, where around $1.5 million in revenue collected from unwitting victims was confiscated.
Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division emphasized the significance of these seizures, stating they safeguard US companies from potential infiltration by North Korean computer code and prevent American businesses from inadvertently financing the regime's weapons program.
U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri urged employers to exercise caution when hiring and granting access to their IT systems. He highlighted the potential risks of inadvertently contributing to the funding of North Korea's weapons program or becoming targets of data theft or extortion.
Read Also: FBI Warning: North Korean Hackers Ready to Cash Out Millions of Dollars in Crypto
The Alleged Scheme
The scheme, as detailed in court documents, involved the dispatch of thousands of skilled IT workers by the Government of North Korea to reside abroad, primarily in China and Russia.
Their objective was to deceive global businesses into hiring them as freelance IT workers, reportedly generating revenue for North Korea's weapons of mass destruction programs.
Through pseudonymous accounts and false websites, these workers allegedly accumulated millions annually, benefiting entities directly linked to North Korea's UN-prohibited WMD initiatives.
The 17 website domains seized were reported to appear like legitimate U.S.-based IT service companies, enabling the workers to conceal their true identities and locations while applying for remote work.
Notably, this particular group of North Korean IT workers, were said to be affiliated with Yanbian Silverstar Network Technology Co. Ltd. in China and Volasys Silver Star in Russia and had previously faced sanctions in 2018 by the Department of the Treasury, according to the DOJ.
"This scheme is so prevalent that companies must be vigilant to verify whom they're hiring. At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities," said Special Agent in Charge Jay Greenberg of the FBI St. Louis Division.
Related Article: North Korean Hackers Behind JumpCloud Breach, Says Security Experts
