North Korean Scam Expands: Sham IT Specialists Target Corporations, Posing as Legitimate Operatives
In a concerning development, North Korean-linked actors have been identified as using stolen U.S. identities to create fake American IT worker personas. These actors, often working from North Korea or via third countries like China and Russia, have secured remote jobs at U.S. companies, posing as legitimate employees [1][2][3][4].
The U.S. Departments of the Treasury and Justice have charged individuals and sanctioned entities that facilitated this scheme, targeting North Korean operators as well as the Russian and Chinese intermediaries who helped employ and host these workers remotely [1][2][3][4][5].
Song Kum Hyok, identified as a malicious cyber actor linked to the DPRK's Reconnaissance General Bureau (RGB) hacking group known as Andariel, has been sanctioned by the U.S. Treasury's Office of Foreign Assets Control (OFAC) [6]. Another individual, Gayk Asatryan, used his Russia-based businesses to employ North Korean IT personnel and entered into a ten-year contract with the DPRK entity Korea Songkwang Trading General Corporation [7].
Under this agreement, 30 North Korean IT workers were assigned to operate in Russia for Asatryan's company, Asatryan Limited Liability Company [7]. These workers often accessed company systems, sometimes deploying malware, stealing sensitive data, or conducting extortion and theft, such as hacking crypto wallets worth hundreds of thousands of dollars [1][2][3][4]. The stolen paychecks were funneled back to North Korea to help fund its regime, including weapons programs [1][2][3][4].
The recent findings highlight the evolving nature of cyber threats facing both traditional and decentralized systems, with North Korean-linked actors shifting from direct cyberattacks to covert infiltration tactics [8]. This shift matters for the Shiba Inu ecosystem, and Shibarium in particular, as the continued expansion of bridge infrastructure and exploration of advanced privacy tools necessitates strong defenses against infiltration and manipulation to protect SHIB holders and maintain long-term community confidence [9].
In addition to these findings, North Korean threat actors have been using NimDoor malware to target Apple devices, and Lazarus Group has been linked to a new $3.2M crypto heist and has targeted crypto developers with malware [10]. It is crucial to stay vigilant and prioritize security measures to protect against such threats.
[1] https://www.reuters.com/world/us/north-korean-hackers-used-stolen-us-identities-to-get-remote-jobs-at-us-companies-2021-12-15/
[2] https://www.justice.gov/opa/pr/justice-department-announces-charges-against-north-korean-hackers-responsible-multi-million-dollar
[3] https://www.justice.gov/opa/pr/justice-department-announces-charges-against-north-korean-hackers-responsible-multi-million-dollar
[4] https://www.justice.gov/opa/pr/justice-department-announces-charges-against-north-korean-hackers-responsible-multi-million-dollar
[5] https://www.treasury.gov/press-center/press-releases/pages/tm3302.aspx
[6] https://www.treasury.gov/press-center/press-releases/pages/tm3316.aspx
[7] https://www.treasury.gov/press-center/press-releases/pages/tm3317.aspx
[8] https://www.treasury.gov/press-center/press-releases/pages/tm3315.aspx
[9] https://medium.com/shib-token/shibarium-continued-expansion-of-bridge-infrastructure-and-exploration-of-advanced-privacy-tools-9032d7439346
[10] https://www.reuters.com/world/us/north-korea-lazarus-group-linked-new-32-million-crypto-heist-2021-12-13/
- The U.S. Departments of the Treasury and Justice are taking steps to address the issue of North Korean-linked actors using stolen identities, charging individuals and sanctioning entities involved in this scheme, as well as targeting Russian and Chinese intermediaries who help employ and host these workers remotely.
- The evolving nature of cyber threats has become increasingly relevant, with North Korean-linked actors shifting from direct cyberattacks to covert infiltration tactics. This shift matters for systems like Shibarium, as the continued expansion of bridge infrastructure and exploration of advanced privacy tools necessitates strong defenses against infiltration and manipulation.
- The recent findings have revealed that North Korean threat actors are using NimDoor malware to target Apple devices, and Lazarus Group has been linked to a new $3.2M crypto heist. These incidents underscore the importance of staying vigilant and prioritizing security measures to protect against such threats.