The Justice Department announced on June 30 its latest hit in the game of geopolitical whac-a-mole against North Korea's nuclear weapons programs.
The department said on Monday that it had conducted a series of coordinated actions, including "two indictments, an arrest, searches of 29 known or suspected 'laptop farms' across 16 states, and the seizure of 29 financial accounts used to launder illicit funds and 21 fraudulent websites," after North Korean IT workers "successfully obtained employment with more than 100 U.S. companies" with the help of "individuals in the United States, China, United Arab Emirates, and Taiwan."
International sanctions make it practically impossible for North Korea to fund its nuclear programs through legitimate means. But rather than scuttling its efforts to become a nuclear power, the so-called Hermit Kingdom has turned to alternative sources of income, such as stealing billions of dollars' worth of cryptocurrency and conducting ransomware operations against organizations in a variety of sectors. The latest scheme involves placing operatives in high-paying jobs at U.S. tech companies.
The State Department, Treasury Department, and FBI said in 2022 that North Korea "has dispatched thousands of highly skilled IT workers around the world" who "in many cases misrepresent themselves as foreign (non-North Korean) or U.S.-based teleworkers, including by using virtual private networks (VPNs), virtual private servers (VPSs), purchased third-country IP addresses, proxy accounts, and falsified or stolen identification documents" in a bid to evade detection for as long as possible.
Yet the revelation of its not-so-secret funding operations hasn't discouraged North Korea. Quite the opposite: "We have observed the North Korean IT worker threat evolve," Google Cloud said in March. "We’ve detected North Korean IT workers conducting a global expansion beyond the U.S., with a notable focus on Europe. They have also intensified extortion campaigns against employers, and they’ve moved to conduct operations in corporate virtual desktops, networks, and servers."
Politico reported in May that "the scam is more widespread than previously understood and has recently hit many Fortune 500 companies." The problem is probably going to get worse before it gets better, too, with Wired reporting that generative AI has made it even more difficult for companies to determine if they're extending a job offer to a legitimate prospect or a North Korean operative. And help from people in the U.S. can mask other signs that a remote worker isn't above board.
The Justice Department said that "certain U.S.-based individuals [allegedly] enabled one of the schemes by creating front companies and fraudulent websites to promote the bona fides of the remote IT workers, and hosted laptop farms where the remote North Korean IT workers could remote access into U.S. victim company-provided laptop computers." It would be suspicious for a supposedly U.S.-based worker to have their laptop shipped outside the country; these "laptop farms" circumvent that issue.
Shutting down these operations can help protect companies from North Korean operatives who plan to use their access to private resources to steal intellectual property, provide information that could be useful for more overt cybercrime, and, yes, steal cryptocurrency. (The Justice Department said one undercover worker "stole virtual currency worth approximately over $900,000" from an Atlanta-based company.) The question is how long it'll take for other North Korean IT workers to take their place.