The FBI and the US Department of Justice provided details on an investigation into a scheme that involved freelance tech workers who were funneling money to North Korea’s nuclear weapons program.
In a plot that sounds like something out of a James Bond movie, a group of workers from the Democratic People’s Republic of Korea posed as American-based IT workers for hire.
American companies, particularly during the pandemic, were very willing to hire remote workers, sometimes sight unseen, to fill gaps in their IT groups.
This scheme dates back to before the pandemic, however, and includes companies based in both Russia and China.
Those companies, China Silver Star and Volasys Silver Star, were sanctioned in 2018 by the DOJ for posing as IT services companies while in fact being controlled and run by North Korea.
The more recent announcement details 17 websites fraudulently offering IT services from servers based in St. Louis.
Unwitting companies seeking IT services would contact these companies, which would set up contracts fulfilled by workers actually based in North Korea.
The funds paid for these services would be funneled through companies in Russia and China and finally back to North Korea, where the DOJ believes the money was used to assist in North Korea’s nuclear missile development program.
In addition, once workers obtained access to their clients’ networks, they were able to steal unprotected data for misuse, ransom, or sale on the dark web.
Special Agent in Charge Jay Greenberg of the FBI St. Louis Division said, “This scheme is so prevalent that companies must be vigilant to verify whom they’re hiring. At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities.”