The U.S. Justice Department announced the seizure of 17 web domains used by North Korean tech workers involved in a fraudulent scheme that aimed to defraud American and foreign businesses, evade sanctions, and support North Korea’s weapons program. These seizures are intended to safeguard U.S. companies from infiltration by North Korean hackers and prevent them from unwittingly financing the regime’s weapons initiatives.
In addition to the domain seizures, the U.S. government also recovered $1.5 million in revenue stolen by the same group of North Korean tech workers in previous actions. Court documents revealed that these tech specialists established 17 website domains resembling legitimate U.S.-based tech companies to conceal their identities while applying for remote work.
The North Korean tech workers, employed by China-based Yanbian Silverstar Network Technology and Russia-based Volasys Silver Star, had previously faced sanctions in 2018 for sending earnings from their fraudulent work in the U.S. back to North Korea using online payment services and Chinese bank accounts. The FBI issued a warning to American and international companies about the risks associated with hiring North Korean tech workers, emphasizing the potential theft of intellectual property, data, money, damage to reputation, and legal consequences such as sanctions.
U.S. authorities assert that North Korea sent thousands of skilled tech workers to live abroad in China and Russia, deceiving U.S. and global businesses into hiring them. The Justice Department disclosed that these workers generated millions of dollars annually to fund North Korea’s weapons programs, often hacking into their employers’ networks for future extortion and data theft.
The rise of remote work has increased the likelihood of accidentally hiring North Korean actors, prompting U.S. law enforcement to recommend vigilance and the recognition of specific “red flags” to detect these threats early.
Some warning signs include reluctance to appear on camera for video meetings, concerns about drug tests or in-person meetings, indications of cheating on coding tests, inconsistent social media profiles, repeated requests for prepayment, threats to release source codes, and language preferences that do not align with claimed origins. To prevent unintentionally hiring North Korean tech workers, the FBI advises businesses to take precautions such as verifying financial information, maintaining interaction records, securing devices, requesting notarized proof of identity, and using trustworthy online freelance platforms with strong identity verification.
U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri emphasized the need for caution when hiring and granting access to IT systems, warning that employers may inadvertently fund North Korea’s weapons program or expose themselves to data theft and extortion attempts.
