Security News > 2024 > May > US exposes scheme enabling North Korean IT workers to bypass sanctions

US exposes scheme enabling North Korean IT workers to bypass sanctions
2024-05-17 11:34

The US Justice Department had unsealed charges against a US woman and an Ukranian man who, along with three unidentified foreign nationals, have allegedly helped North Korean IT workers work remotely for US companies under assumed US identities and thus evade sanctions.

According to the court documents, the conspirators defrauded over 300 US companies by using US payment platforms and online job site accounts, proxy computers located in the United States, and witting and unwitting US persons and entities.

"The overseas IT workers gained employment at US companies, including at a top-five major television network, a Silicon Valley technology company, an aerospace manufacturer, an American car manufacturer, a luxury retail store, and a US-hallmark media and entertainment company, all of which were Fortune 500 companies. Some of these companies were purposely targeted by a group of DPRK IT workers, who maintained postings for companies at which they wanted to insert IT workers," the DOJ says.

The US woman "Ran a 'laptop farm,' hosting the overseas IT workers' computers inside her home so it appeared that the computers were located in the United States, and also received and forged payroll checks and received direct deposits of the overseas IT workers' wages from the US companies into her US financial accounts," the DOJ claims.

Both have been arrested and the Ukrainian national is awaiting extradition from Poland to the US. According to the State Department, this scheme went on from October 2020 to 2023 and generated at least $6.8 million for the DPRK. How to identify North Korean IT workers.

US authorities have been warning about North Korean hackers posing as IT freelancers and seeking employment at US-based companies for several years, and sharing advice on how to spot them to avoid hiring them.


News URL

https://www.helpnetsecurity.com/2024/05/17/north-korean-it-workers/