CyberSecurity news
FlagThis
@www.microsoft.com
//
The U.S. Department of Justice (DOJ) has announced a major crackdown on North Korean remote IT workers who have been infiltrating U.S. tech companies to generate revenue for the regime's nuclear weapons program and to steal data and cryptocurrency. The coordinated action involved the arrest of Zhenxing "Danny" Wang, a U.S. national, and the indictment of eight others, including Chinese and Taiwanese nationals. The DOJ also executed searches of 21 "laptop farms" across 14 states, seizing around 200 computers, 21 web domains, and 29 financial accounts.
The North Korean IT workers allegedly impersonated more than 80 U.S. individuals to gain remote employment at over 100 American companies. From 2021 to 2024, the scheme generated over $5 million in revenue for North Korea, while causing U.S. companies over $3 million in damages due to legal fees and data breach remediation efforts. The IT workers utilized stolen identities and hardware devices like keyboard-video-mouse (KVM) switches to obscure their origins and remotely access victim networks via company-provided laptops.
Microsoft Threat Intelligence has observed North Korean remote IT workers using AI to improve the scale and sophistication of their operations, which also makes them harder to detect. Once employed, these workers not only receive regular salary payments but also gain access to proprietary information, including export-controlled U.S. military technology and virtual currency. In one instance, they allegedly stole over $900,000 in digital assets from an Atlanta-based blockchain research and development company. Authorities have seized $7.74 million in cryptocurrency, NFTs, and other digital assets linked to the scheme.
ImgSrc: www.microsoft.c
References :
The North Korean IT workers allegedly impersonated more than 80 U.S. individuals to gain remote employment at over 100 American companies. From 2021 to 2024, the scheme generated over $5 million in revenue for North Korea, while causing U.S. companies over $3 million in damages due to legal fees and data breach remediation efforts. The IT workers utilized stolen identities and hardware devices like keyboard-video-mouse (KVM) switches to obscure their origins and remotely access victim networks via company-provided laptops.
Microsoft Threat Intelligence has observed North Korean remote IT workers using AI to improve the scale and sophistication of their operations, which also makes them harder to detect. Once employed, these workers not only receive regular salary payments but also gain access to proprietary information, including export-controlled U.S. military technology and virtual currency. In one instance, they allegedly stole over $900,000 in digital assets from an Atlanta-based blockchain research and development company. Authorities have seized $7.74 million in cryptocurrency, NFTs, and other digital assets linked to the scheme.
ImgSrc: www.microsoft.c
Share:
References :
- Zack Whittaker: New, by : The DOJ has taken action against a North Korean money-making operation, which relied on undercover remote IT workers inside U.S. tech companies to raise funds for the regime’s nuclear weapons program, as well as to steal data and cryptocurrency.
- techcrunch.com: US government takes down major North Korean remote IT workers operation
- www.microsoft.com: Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations
- WIRED: Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams
- The Hacker News: U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms
Classification:
- HashTags: #NorthKorea #CyberEspionage #AI
- Company: Microsoft
- Target: US Organizations
- Attacker: North Korea
- Product: Microsoft Threat Intelligence
- Feature: AI-enhanced operations
- Malware: PylangGhost
- Type: Espionage
- Severity: Major