According to the FBI and the Department of Justice, thousands of information technology professionals employed by U.S. companies have covertly redirected millions of dollars from their earnings to support North Korea's ballistic missile initiative.
The Justice Department reported on Wednesday that IT workers, dispatched and contracted by North Korea to work remotely for companies in St. Louis and various U.S. locations, have utilized false identities to secure employment. The income they garnered was channeled into North Korea's weapons program, as disclosed by FBI officials during a press conference in St. Louis.
Court documents indicate that North Korea's government sent a multitude of skilled IT professionals to reside primarily in China and Russia. Their objective was to deceive American and international businesses into hiring them as freelance remote employees. These workers employed diverse methods to create the illusion of working in the United States, including compensating Americans to use their home Wi-Fi connections, as stated by Jay Greenberg, special agent in charge of the St. Louis FBI office.
Greenberg pointed out that companies that engaged freelance IT workers most likely ended up hiring individuals involved in this scheme. An FBI spokesperson confirmed that North Koreans had contracted with firms across the United States and in several other countries. "We can tell you that there are thousands of North Korea IT workers that are part of this," spokeswoman Rebecca Wu stated.
As part of the ongoing investigation, federal authorities have revealed the seizure of $1.5 million and the confiscation of 17 domain names.
The IT professionals managed to generate millions of dollars annually from their wages to bolster North Korea's weapons programs. In some instances, they infiltrated company computer networks and stole data. They also maintained access for future hacking and extortion endeavors, according to the Justice Department.
Authorities refrained from disclosing the names of companies that unknowingly employed North Korean workers, the onset of this practice, or the specifics of how investigators uncovered it. However, federal agencies have been aware of this scheme for some time.
In May 2022, the State Department, Department of the Treasury, and the FBI jointly issued an advisory warning of North Koreans attempting to secure employment while posing as non-North Korean nationals. The advisory emphasized North Korea's increased focus on education and training in IT-related subjects in recent years under Kim Jong Un's regime.
John Hultquist, the head of threat intelligence at cybersecurity firm Mandiant, indicated that North Korea's utilization of IT freelancers to finance its weapons program has been ongoing for over a decade but received a boost during the COVID-19 pandemic. "I think the post-COVID world has created a lot more opportunity for them because freelancing and remote hiring are a far more natural part of the business than they were in the past," Hultquist noted.
Commenti