The North Korean fraudulent IT worker scheme took on a new twist when it was reported Nov. 21 that four companies disrupted by the U.S. government on Oct. 10 were traced back to a broader network of front companies originating from China.
Researchers from SentinelLabs said in a Nov. 21 blog post that this new report stands out because of the link to China, the threat actors' ability to pose as fraudulent companies rather than as individual personas, and the discovery of four previously unreported front companies.
“By impersonating legitimate U.S.-based software and technology consulting firms, North Korean actors aim to gain trust and access to sensitive contracts, circumventing sanctions and evading detection,” wrote the SentinelLabs researchers. “These tactics highlight a deliberate and evolving strategy that leverages the global digital economy to fund state activities, including weapons development.”
In October 2023, the U.S. government seized 17 websites that defrauded businesses in the U.S. and abroad by letting North Korean IT workers conceal their true identities when applying online to do remote work around the world. Most notably, leading security company KnowBe4 was victimized by this scheme.