Connect with us


North Korean IT workers posed as US employees, infiltrated Fortune 500 firms, feds say



Dive Brief:

  • A U.S. national conspired with overseas information technology workers to defraud more than 300 U.S. companies and at least three federal agencies, generating at least $6.8 million benefiting foreign individuals and entities including North Korea, the U.S. Department of Justice alleged in court documents unsealed Thursday.
  • A grand jury indictment detailed claims that an Arizona woman and other co-conspirators falsified employment eligibility verification forms and submitted false wage and benefits information on behalf of IT workers whose identities were stolen or borrowed from more than 60 U.S. persons. All of the affected employers — none of which are mentioned by name in the suit — were Fortune 500 companies, DOJ said.
  • The approximately three-year-long scheme began in or around October 2020, according to the indictment. DOJ said the Arizona woman operated a “laptop farm” in which several U.S. company laptops were connected to those companies’ networks at one location and operated remotely by the IT workers. The agency issued a separate arrest warrant for a Ukrainian national it alleged was also involved in the conspiracy.

Dive Insight:

The indictment is partly related to a 2023 DOJ operation in which the agency seized website domains allegedly used by North Korean IT workers to defraud U.S. and foreign businesses to fund development of the country’s weapons program, according to a May 16 press release.

Though DOJ did not reveal the names of affected employers, it did describe several of them. They included a “top-5 national television network and media company,” a “premier Silicon Valley technology company” and an “iconic American car manufacturer,” among others. Two companies, a multinational restaurant chain and a “classic American clothing brand,” allegedly saw data exfiltrated by participants in the scheme.

Conspirators also unsuccessfully attempted to gain employment and access to information from two different U.S. government agencies on three different occasions, DOJ alleged.

Schemes to submit fraudulent remote work applications are not unheard of and had even previously received attention from federal law enforcement agencies. For example, the FBI issued a 2022 public service announcement in which it cautioned employers about the use of deepfakes and stolen personally identifiable information to obtain remote positions.

Employers have also experienced data breaches in which job applicants’ information has been compromised. Experts have previously cautioned employers that HR and employment data is highly sought after by cyber criminals.

Read the full article here