FBI: North Korea sends many IT employees and developers to China and Russia to work for Western companies and uses the money to finance the North Korean missile program. North Koreans also offer their services via freelance platforms, but use IP spoofing to disguise where they really operate from. The FBI is issuing warnings and taking action against the registered domains and networks.
Due to the shortage of skilled workers, many companies are increasingly relying on unknown IT freelancers who work remotely. As the FBI has discovered, American companies in particular often use IT freelancers from Russia, China and other Asian countries. Many do not notice that they are hiring IT freelancers controlled by North Korea who merely pretend to work from another country, using IP spoofing to hide their true location.
North Korean IT freelancers: disguise and deceive
The FBI is currently not only warning about this, but is also demonstrating that the money earned flows directly into the North Korean nuclear and missile program. It is probably worth millions of dollars. According to the FBI, North Korea also sends IT employees to China so that they can apply directly to Western companies or work locally as freelancers. They are also said to spy on the companies and send usable data to government agencies.
The FBI has currently seized 17 website domains and approximately $1.5 million from North Korean remote IT employees who were under contract with US companies. The domains were intended to be used for attacks on US and foreign companies. Furthermore, the ventures were intended to circumvent sanctions and finance the development of North Korea's weapons program. Many companies thought some of their employees were in the USA because the workers connected through privately owned American routers, the IP spoofing referred to above. According to the FBI, the American router owners received generous financial compensation for their use.
FBI: North Korean IT employees installed backdoors
Based on its investigation, the FBI speaks of thousands of North Korean IT workers who were hired as remote IT employees. Many fake identities were used to deceive companies, especially during the coronavirus pandemic. Furthermore, in some cases, North Korean remote IT employees are also said to have infiltrated computer networks and stolen information in the process. They also installed backdoors for other hackers to use for ransomware attacks and extortion.
According to the FBI, the seized domains and the associated infrastructure were to be used as an improved deception network for job applications and for transferring information. The publication of the investigation is also intended to warn other companies, for example in Europe. American companies have likely recommended some remote IT employees for projects in which European companies are also involved.
According to a report by the AP, North Korean hackers are said to have stolen over $5 billion in cryptocurrencies and other virtual assets in the last 1.2 years. The security company and Google subsidiary Mandiant has also been analyzing and documenting North Korea's attacks and activities for years, including major thefts such as the $630 million heist.
Editor/sel
More at Justice.gov