CyberSecurity news
Guru Baran@Cyber Security News - 40d
A North Korean IT worker who adopted the alias 'Bane' is at the center of a fraudulent scheme that targeted numerous US companies. This individual, along with others, is accused of infiltrating these companies to steal confidential source code and then demanding ransom payments to prevent the release of the stolen data. This is not an isolated incident: the operation appears to have run from 2018 until around August 2024, with other North Korean nationals involved.
Five individuals have been indicted in connection with this cyber operation. The individuals are accused of creating fake US worker visa documents and setting up staffing companies to secure employment for remote contractors, specifically North Korean IT workers, in positions such as mobile app developers and specialist engineers. These individuals also established US bank accounts and used other payment platforms to launder the money. The scheme successfully deceived at least 64 US companies, with payments made by just ten of these organizations totaling approximately $866,255.
References:
- ciso2ciso.com: The U.S. has sanctioned North Korean IT worker network supporting WMD programs.
- : The sanctions target organizations and individuals believed to be generating illicit revenue for the North Korean government.
- malware.news: The U.S. has continued its crackdown against North Korean IT worker scams with sanctions against the country's government weapons trading office Department 53 and its Laos-based front companies Korea Osong Shipping and Chonsurim Trading Corporation.
- The Hacker News: The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency.
- ciso2ciso.com: North Korean dev who renamed himself ‘Bane’ accused of IT worker fraud scheme – Source: go.theregister.com
- Cyber Security News: Reporting on the alleged scheme and its impact on businesses.
- The Register: The article details how North Korean individuals pose as IT workers, gaining access to sensitive information and demanding extortion.
- : North Korean dev who renamed himself ‘Bane’ accused of IT worker fraud scheme
- go.theregister.com: North Korean developers are engaged in a long-running fraudulent scheme involving remote IT workers.
- www.justice.gov: Indictments issued in connection with the fraudulent remote IT worker scheme. The scheme includes North Korean nationals. The targets include American businesses.
- cybersecuritynews.com: North Korean IT workers masquerading as remote workers have been breaking into Western companies, stealing confidential source codes, and requesting ransoms to prevent their release.
- oodaloop.com: The Department of Justice has arrested several individuals who were involved with a North Korean program to trick companies into hiring North Koreans for remote positions.
- www.bleepingcomputer.com: The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them.
- www.computerworld.com: The US Department of Justice this week announced that it had indicted two North Korean nationals and three other men, accusing them of participating in a conspiracy designed to trick US companies into funding the North Korean regime.
- ciso2ciso.com: North Korean Fake IT Workers More Aggressively Extorting Enterprises
- Techmeme: The FBI warns that North Korean IT workers are abusing their access to steal source code and extort US companies that have been tricked into hiring them (Sergiu Gatlan/BleepingComputer)
- www.techmeme.com: The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them.
- CSO Online: One recent case saw a bad actor use deepfake video technology and automated voice translation in a video interview, though this didn’t work particularly well and the interviewers were easily able to tell that something was wrong.
- ciso2ciso.com: US Charges Five People Over North Korean IT Worker Scheme – Source: www.securityweek.com
- : DOJ indicts North Korean conspirators for remote IT work scheme
- ciso2ciso.com: News article about North Korean hackers.
- Help Net Security: The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world.
- : The FBI warned about North Korean IT workers increasingly exploiting remote access to steal sensitive data and extort companies.
- The Hacker News: The indictment targets individuals including two North Korean nationals, a Mexican national, and two U.S. nationals.
- BleepingComputer: The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them.
Classification:
- HashTags: #NorthKorea #ITFraud #CyberCrime
- Target: Various companies
- Attacker: North Korea
- Feature: IT worker fraud
- Type: Ransomware
- Severity: Major