November 21st 2024.
The FBI recently took action against several websites that were being used by North Korean operatives to pose as legitimate US and Indian businesses. This scheme was likely an attempt to raise funds for their nuclear-armed regime, according to statements from the websites and security researchers who looked into the matter.
One cybersecurity firm, SentinelOne, identified four of these websites as fronts for North Korean operations. These websites, which had statements in both English and Korean, were seized by the US District Court of Massachusetts as part of a coordinated law enforcement action against the North Korean government.
Upon further investigation, SentinelOne researchers discovered that these front companies were linked to a larger group of organizations based in China. The Biden administration has been working to address the issue of fake companies like these, and the Trump administration will continue to handle this ongoing national security challenge.
According to a White House official, approximately half of North Korea's missile program is funded by cyberattacks and cryptocurrency theft. The front companies created by the North Koreans closely imitated the websites of various US software and consulting firms, and even encouraged potential clients to get in touch.
CNN reached out to the FBI for comment on the situation. In a statement released by the FBI and other US law enforcement agencies, visitors to the seized websites were directed to a 2022 warning from US officials about North Korea's use of IT workers abroad to secretly raise money for their regime.
A CNN investigation back in 2022 uncovered North Korean operatives posing as other nationalities in an aggressive attempt to infiltrate US cryptocurrency and tech companies. One American entrepreneur revealed that his company had unknowingly sent a large sum of money to the North Korean government, according to the FBI.
In some cases, it appears that the North Koreans may have received assistance from Americans. In May, a US federal prosecutor charged an Arizona woman with participating in a fraud scheme that helped foreign IT workers pose as Americans and earn millions of dollars that could potentially benefit North Korea.
Tom Hegel, a principal threat researcher at SentinelOne, stated that the recently seized websites and front companies are just the tip of the iceberg. He believes that these discoveries represent only a small portion of a larger, deeply entrenched operation that is designed to remain hidden in plain sight.
Hegel and his colleague, Dakota Cary, traced some of the front-company activity to an address in Liaoning, a Chinese province that borders North Korea. This is not the first time that researchers have linked North Korean operations to northeast China. In April, CNN reported on a North Korean computer server that contained illustrations created for US animation studios, with logs showing multiple visits from internet connections in northeast China.