The DoJ just busted a massive scam involving North Korean IT workers infiltrating major US companies.
They had some help in the US and were posing as remote freelancers to siphon off money and sensitive info.
Holy crap, here's what we know:
They had some help in the US and were posing as remote freelancers to siphon off money and sensitive info.
Holy crap, here's what we know:
How they operated:
North Korean operatives are stationed in countries like China, Russia, and parts of Eastern Europe and Southeast Asia.
They then use fake documents and buy accounts to get remote jobs in the States.
North Korean operatives are stationed in countries like China, Russia, and parts of Eastern Europe and Southeast Asia.
They then use fake documents and buy accounts to get remote jobs in the States.
On May 16, the DOJ indicted five people connected to this scheme.
One is an Arizona woman who helped North Korean IT workers by validating stolen identities, making them look like US citizens.
One is an Arizona woman who helped North Korean IT workers by validating stolen identities, making them look like US citizens.
This woman also hosted laptops from US companies to spoof locations
This bypassed any geofencing making it seem like the North Korean workers were based in the US.
This bypassed any geofencing making it seem like the North Korean workers were based in the US.
The scheme has raked in millions of dollars in wages from over 300 companies.
This money likely supports North Korea's regime, including its nuclear weapons program, according to the FBI.
This money likely supports North Korea's regime, including its nuclear weapons program, according to the FBI.
North Korea's government is highly motivated due to heavy international sanctions.
They've been behind major cyber heists like the $81 million stolen from Bangladesh Bank via the SWIFT system in 2016.
They've been behind major cyber heists like the $81 million stolen from Bangladesh Bank via the SWIFT system in 2016.
Facilitators, or "mules," are key players in this operation.
They manage multiple fake identities and handle risky tasks like job interviews and drug tests, then pass the credentials to the actual North Korean workers.
They manage multiple fake identities and handle risky tasks like job interviews and drug tests, then pass the credentials to the actual North Korean workers.
These facilitators make big money.
For example, a Ukrainian facilitator managed about 870 identities and hosted 80 computers, earning over $900,000 over six years.
For example, a Ukrainian facilitator managed about 870 identities and hosted 80 computers, earning over $900,000 over six years.
The IT workers, often highly skilled, work under harsh conditions with strict oversight.
Their activities include cryptojacking, targeting security researchers(!!!), and other cyber attacks to fund the regime.
Their activities include cryptojacking, targeting security researchers(!!!), and other cyber attacks to fund the regime.
How does your company verify remote worker identities? Would your process stand up to this threat?
DoJ Source: justice.gov/opa/pr/charges…
I cover this and dozens more cybersecurity news stories ever week in my free newsletter.
Join over 12,000 other pros here: vulnu.xyz/tw
Join over 12,000 other pros here: vulnu.xyz/tw
• • •
Missing some Tweet in this thread? You can try to
force a refresh
