US Charges 14 North Koreans in $88M Cyber Theft Scheme
The US has charged fourteen North Korean nationals over a sophisticated cyber operation that has been funneling millions of dollars to the regime. The scheme involved using stolen identities to obtain remote IT jobs in the US and stealing sensitive information.
The operation, uncovered by our website's investigation, employed information-stealing malware to infect accounts linked to fake domains used for embellished resumes and references. The malware allowed the hackers to gain access to various corporate HR sites and job boards, as evidenced by numerous saved credentials found under the 'jsilver617' username. This username is associated with the notorious Lazarus Group, a North Korean threat actor.
The investigation also revealed tactics and procedures used by the hackers, including discussions about persuading managers to avoid using cameras during meetings and manipulating voices. Browser history on an infected host in Lahore, Pakistan, showed translations between English and Korean, providing insights into their methods. Furthermore, messages hinted at shipping electronic devices internationally, possibly to move stolen data or funds.
Over the past six years, this scheme has generated at least $88 million USD for the North Korean government. Since the discovery of the operation, reports of more secret agents from the DPRK siphoning funds and intellectual property have increased, particularly at Fortune 500 companies and in the technology and cryptocurrency industries. The US has now indicted fourteen individuals involved in this scheme, sending a strong message against such cyber activities.