This is a follow up to a story that I wrote recently on this topic. This week there was a seizure of 17 website domains allegedly used by North Korean IT workers in a scheme to defraud U.S. and foreign businesses, ultimately funding the DPRK government’s weapons programs:
The United States said on Wednesday it has seized 17 website domains used by North Korean information technology workers in a scheme to allegedly defraud businesses, evade sanctions and fund the development of North Korea’s weapons program.
The seizures took place on Tuesday pursuant to a court order in Missouri, the U.S. Justice Department said in a statement.
The United States has alleged that North Korea oversees thousands of IT workers around the world, primarily located in China and Russia, with the aim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers, in order to generate revenue for its weapons of mass destruction and ballistic missiles programs.
North Korea has “flooded the global marketplace with ill-intentioned information technology workers to indirectly fund its ballistic missile program,” the Justice Department said on Wednesday, urging employers to be cautious.
Related to that, there’s now additional guidance for US businesses to make sure that they don’t fall for North Korean IT workers trying to scam their way into US businesses.
Ken Westin, Field CISO, Panther Labs had this to say:
This deals in the realm of insider threat and isn’t something security should be responsible for alone, this type of threat requires collaboration between security and HR. In these cases either someone was not conducting background checks properly or ata all, or the North Koreans did a really good job at opsec for these individuals with fake identification and more. Although the awning of money to North Korea is a concern, I think the larger threat is missed, we had potential North Korean spies in many organizations IT infrastructure with access to sensitive data and one has to wonder if they weren’t also conducting cyber espionage.
As usual the North Koreans are up to no good. Which means that everyone needs to be on the look out for this scheme, or any other scheme that they come up with as they clearly are a very determined adversary.