
U.S. Department of Justice and Microsoft Focus on North Korean Tech Specialists

U.S. officials and Microsoft have intervened to halt cyber operations by North Korean tech personnel


In a significant move, the US Justice Department has announced a coordinated action against North Korean attempts to place its IT workers in jobs within the United States. This action follows the dismantling of two major schemes that involved the laundering of illicit funds and the theft of virtual currency.

The first scheme, uncovered earlier, saw the seizure of 29 financial accounts used to launder illicit funds and the takedown of 21 fraudulent websites. In a separate indictment, four North Korean nationals are charged with a scheme to steal $900,000 in virtual currency from two firms and launder the proceeds.

The operation, announced yesterday, includes an indictment charging several Chinese and Taiwanese nationals and a US citizen, Zhenxing "Danny" Wang of New Jersey, with facilitating remote IT work at over 100 US companies from 2021 to 2024.

Communication, networking, and developer platforms like GitHub are used by these workers to showcase 'portfolios' of previous work. However, they also employ various tactics to evade detection. VPNs, virtual private servers (VPSs), and proxy services are commonly used, while Remote Monitoring and Management (RMM) tools are used to connect to a device housed at a facilitator's laptop farm.

Facilitators play a crucial role in validating fraudulent identities and managing logistics for North Korean IT workers. They might be asked to create new bank accounts or purchase SIM cards for the workers. In some cases, they allegedly received almost $700,000 for their help, while the scheme itself caused costs of at least $3m in legal fees, computer network remediation, and other damages and losses.

Microsoft has been active in combating these schemes. It has suspended 3,000 consumer-grade Outlook and Hotmail accounts linked to suspected North Korean IT worker schemes and alerted customers via Microsoft Entra ID Protection and Microsoft Defender XDR.

AI is used by state-backed fraudsters to polish fake resumes, manipulate images of the workers, and help them experiment with voice-changing software. The organization behind "Jasper Sleet" is often linked to North Korean IT worker fraud scandals involving fake foreign job offers. Microsoft recommends companies implement strong identity verification, employee training on phishing awareness, and robust incident response plans to prevent or limit such scams.

Microsoft has published a lengthy list of investigation, monitoring, and remediation tips for companies. The company urges businesses to stay vigilant and proactive in protecting their digital assets against these sophisticated threats.
