The US authorities announced the takedown of 17 website domains used by North Korean IT overseas workers in a scheme to allegedly defraud businesses in the US and across the globe, evade sanctions and fund the development of North Korea's weapons program.
According to the US Department of Justice, North Korean IT workers collected nearly $1.5 million of revenue through the fraud schemes. The DoJ said the criminal proceeds have been seized in October 2022 and January 2023.
The authorities allege that North Korea dispatched thousands of workers to other countries, in particular, Russia and China, to secure freelance IT jobs with businesses to make money for Pyongyang’s weapons program.
The scheme involved the use of pseudonymous email, social media, payment platforms and online job site accounts, as well as fake websites, proxy computers in the US and elsewhere.
In some cases, North Korean IT workers hacked into the computer networks of their employers to steal information and maintain access for future hacking and extortion schemes, the DoJ said.
In a related action, the FBI and South Korea released an updated advisory aiming to help organizations better understand and guard against the inadvertent recruitment, hiring, and facilitation of North Korean IT workers.