Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

The U.S. government seized 17 website domains used by North Korean IT workers in a fraudulent scheme to defraud businesses worldwide. The U.S. government announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of a fraudulent scheme illicit scheme to defraud businesses worldwide. The illicit funds defraud U.S. and […]

North Korea Lazarus APT

The U.S. government seized 17 website domains used by North Korean IT workers in a fraudulent scheme to defraud businesses worldwide.

The U.S. government announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of a fraudulent scheme illicit scheme to defraud businesses worldwide.

The illicit funds defraud U.S. and foreign businesses, evade sanctions and fund the development of the DPRK government’s weapons program.

The operation aimed at evade sanctions and fund the development of the DPRK government’s weapons program.

The US authorities seized approximately $1.5 million of the revenue that the IT workers obtained from their illegal activity in October 2022 and January 2023.

“These seizures follow the previously sealed October 2022 and January 2023 court-authorized seizures of approximately $1.5 million of the revenue that the same group of IT workers collected from unwitting victims as a result of their scheme, as well as the development of public-private information-sharing partnerships that denied the IT workers access to their preferred online freelance work and payment service providers.” reads the DoJ’s announcement.

Most of the ill-intentioned information technology workers live in China and Russia, their mission was to deceive companies worldwide into hiring them under fake identities.

The North Korean IT workers used any means to cover their operations, including pseudonymous email, social media, payment platforms, online job sites, counterfeit websites, proxy servers situated across the world, as well as the involvement of informed and uninformed third parties. The IT workers annually generated substantial sums of money on behalf of designated entities, including the North Korean Ministry of Defense and others directly implicated in the DPRK’s United Nations-prohibited Weapons of Mass Destruction (WMD) initiatives.

In some cases investigated by the US Government, the IT workers also infiltrated the computer networks of unwitting employers to steal information and maintain access for future malicious activities. The U.S. government described this scheme in a May 2022 advisory.

The group of DPRK IT workers that designed the 17 website domains seized by the authorities work for the PRC-based Yanbian Silverstar Network Technology Co. Ltd. and the Russia-based Volasys Silver Star, which had previously been sanctioned in 2018 by the Department of the Treasury.

These IT workers sent the proceeds from their deceptive IT activities to North Korea by utilizing online payment platforms and Chinese bank accounts.

“Employers need to be cautious about who they are hiring and who they are allowing to access their IT systems,” said U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri. “You may be helping to fund North Korea’s weapons program or allowing hackers to steal your data or extort you down the line.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, North Korean IT workers)