U.S. seizes websites used by North Korean IT workers, issues updated warning

UPI

SEOUL, Oct. 19 (UPI) -- The United States has seized 17 website domains used by North Korean information technology workers in order to disguise their identities, evade sanctions and fund the regime's illicit weapons programs, the Justice Department announced.

"The seizures announced today protect U.S. companies from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance that regime's weapons program," Assistant Attorney General Matthew Olsen of the department's National Security Division said in a press release issued Wednesday.

According to court documents filed in the Eastern District of Missouri, North Korea has dispatched thousands of IT workers to live abroad, mainly in Russia and China, in an effort to deceive businesses around the world into hiring them as freelancers.

The seized websites appeared to be the domains of legitimate, U.S.-based IT services companies. However, the North Korean workers behind the sites actually work for China-based Yanbian Silverstar Network Technology Co. and Russia-based Volasys Silver Star, and had been previously sanctioned by the U.S. Treasury Department in 2018.

The United States and South Korea issued a new round of sanctions on entities related to North Korean IT workers in May.

The fraudulent scheme generated millions of dollars a year for Pyongyang's banned weapons of mass destruction programs, the department said. Some of the North Korean IT workers also allegedly broke into their employers' computer networks to steal information and maintain access for future hacking.

"Employers need to be cautious about who they are hiring and who they are allowing to access their IT systems," U.S. Attorney Sayler Fleming of the Eastern District of Missouri said. "You may be helping to fund North Korea's weapons program or allowing hackers to steal your data or extort you down the line."

The domain seizures follow the previously sealed, court-authorized October 2022 and January seizures of approximately $1.5 million in revenue collected by the same group of IT workers, the Justice Department said.

The United States and South Korea also released updated guidance Wednesday meant to help companies avoid inadvertently hiring North Korean IT workers.

The advisory includes red flags such as an unwillingness to appear on camera or conduct video interviews, aggressive demands for prepayment, and language preferences set to Korean despite claiming to be from a non-Korean-speaking country or region.

"The hiring or supporting of DPRK IT workers continues to pose many risks, ranging from theft of intellectual property, data and funds, to reputational harm and legal consequences," the Federal Bureau of Investigation said in a statement, using the official initialism for North Korea.

North Korea has continued to develop its weapons program despite longstanding U.N. Security Council sanctions banning any ballistic or nuclear activity.

The isolated regime has increasingly turned to cybercrime to raise funds, with North Korean hackers stealing more than $1.2 billion in cryptocurrency since 2017, according to the South Korean government.