The United States Department of Justice has this week indicted 14 North Korean nationals for long-running conspiracies to violate US sanctions and to commit wire fraud, money laundering, and identity theft.
Specifically, the accused, who worked for North Korean-controlled companies Yanbian Silverstar and Volasys Silverstar located in China and Russia, conspired to use false, stolen, and borrowed identities of US and other persons to conceal their North Korean identities and foreign locations and obtain employment as remote information technology workers for US companies and nonprofit organisations.
The accused, some of whom were ordered by their superiors to earn at least USD10,000 per month, generated at least USD88 million throughout the approximately six-year conspiracy.
In multiple instances, the accused supplemented their employment earnings by stealing sensitive company information, such as proprietary source code, and then threatening to leak such information unless the employer made an extortion payment. Ultimately, the conspirators used the US and Chinese financial systems to remit the proceeds of their activity to accounts in China for the ultimate benefit of the North Korean government.
“In recent months, Mandiant has seen an increase in extortion attempts linked to North Korean IT workers, and for the first time, we’re seeing IT workers follow through on releasing sensitive data of organisations they’ve infiltrated to pressure victims into paying exorbitant ransoms,” said Michael Barnhart, who leads Mandiant’s North Korea threat hunting team. “They’re also demanding more cryptocurrency than they ever have before.”
“We assess that the heightened media attention and ongoing government disruptions targeting their cyber operations this past year are forcing an escalation in their tactics,” he added.
“The latest indictments against key leaders of North Korea’s IT worker scheme represent an escalation from law enforcement agencies in disrupting these illicit operations. By targeting those orchestrating the scheme, these legal actions aim to dismantle the support infrastructure and impose substantial obstacles to their continued success.”
The Department of Justice says North Korea has dispatched thousands of skilled IT workers around the world with the aim of deceiving US and other businesses worldwide into hiring them as remote IT workers, generating revenue for the North Korean regime in violation of US and UN sanctions.
North Korean worker schemes involve the use of pseudonymous email, social media, payment platform and online job site accounts, as well as false websites, proxy computers and virtual private networks.
“Revealing the individuals and calling out their locations also sends a message that they’re no longer anonymous pseudonyms in an unknown region,” said Barnhart.