The Department of Justice (DOJ) announced the seizure of several website domains North Korea used in attacks targeting businesses worldwide.
The scheme hatched by North Korea is complex. It involves relocating North Korean citizens to Russia and China to persuade companies to hire them as freelancers in the IT sector.
"Through this scheme, which involves the use of pseudonymous email, social media, payment platform and online job site accounts, as well as false websites, proxy computers located in the United States and elsewhere, and witting and unwitting third parties, the IT workers generated millions of dollars a year on behalf of designated entities, such as the North Korean Ministry of Defense and others, directly involved in the DPRK's UN-prohibited WMD programs," explained the DOJ.
These IT workers would infiltrate the computer networks of unwitting employers to steal information and maintain access for future hacking and extortion schemes. Seventeen website domains used in these attacks appeared to belong to legitimate US-based IT services companies.
In reality, the so-called "IT freelancers" worked for PRC-based Yanbian Silverstar Network Technology Co Ltd and the Russia-based Volasys Silver Star, both of which have been sanctioned.
The domain seizures follow the previously sealed October 2022 and January 2023 court-authorized seizures of approximately $1.5 million in revenue generated by the same group of IT workers. According to the US government, the money was meant to fund North Korea's nuclear program.
One of the problems, it seems, is that companies don't vet new hires thoroughly enough. According to the FBI, one of the best ways to protect against these attacks is to be more careful with new hires, especially remote ones.
"This scheme is so prevalent that companies must be vigilant to verify whom they're hiring," the FBI explains. "At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities. Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited inside their systems."
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.