
North Korean Cyber Espionage: Funding the DPRK Through IT Jobs

“August 2023, Nashville, United States. It’s late at night when two FBI agents knock on Matthew New’s store. They have a warrant to search his house. After nervously attempting to dissuade them from entering, the agents force their way inside. Within minutes, the agents stumble upon a room full of computers. Most of them are powered on and actively performing tasks, all under remote control. Curiously, none of the activities appear illegal. Instead, the computers are just working. As the authorities continue their search, they uncovered dozens of fake identities, altered photos of American citizens, and hundreds of job applications.”


In August 2023, in Nashville, United States, FBI agents arrived at Matthew New's residence with a search warrant. They discovered a room full of computers actively performing tasks under remote control. These activities, however, did not appear illegal. Instead, the computers were seemingly engaged in legitimate work. Further investigation revealed dozens of fake identities, altered photos of American citizens, and hundreds of job applications. Matthew was arrested under the suspicion of collaborating with cyber criminals. However, it was discovered that he was actually helping individuals secure US-based IT jobs. His clients were using false identities, impersonating real Americans, applying for jobs, performing the work, and even paying taxes. Initially, this seemed like a minor crime, but authorities soon uncovered a far more significant issue.

It turned out that Matthew was aiding trained North Korean personnel in securing these IT positions. The money they earned was directly funding North Korea's nuclear program. According to the US indictment, each worker connected to Matthew's operation had earned over $250,000 between 2022 and 2023. What seemed like a minor crime was actually a sophisticated scheme that funneled tens of millions of dollars from US companies to support North Korea's military dictatorship.

The Scheme Unveiled

The operation involved individuals like Yang D, a North Korean undercover agent, collaborating with Matthew New. Yang agreed to collaborate on defrauding several US companies of hundreds of thousands of dollars. Yang began registering on various freelancing sites and sending dozens of resumés to American companies seeking IT personnel. He assumed the identity of an American man named Andrew M, whose identity had been stolen or purchased on the dark web. Yang scheduled multiple video interviews with American companies and secured three different jobs in the US and one in the UK. The total salary of these jobs amounted to $459,000 per year.

However, a problem arose: the companies wanted Yang to use their computers, but since he was actually in China, this was impossible. This is where Matthew New came back into the picture. Instead of Yang receiving the laptops, they were shipped to New's residence, allegedly listed as Andrew M's address. New set up the machines and installed AnyDesk, allowing Yang to remotely access them from his real location, allegedly a Chinese town on the North Korean border known to harbor North Korean cyber units. Over the next few months, Yang simply did his job, paying New around $2,000 per month for facilitating his operation and keeping track of his taxes. New allegedly believed that by recruiting others into the scheme, he could earn even more with minimal effort.
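The setup described above leaves two signals in endpoint telemetry: remote-control software on a company-issued laptop, and laptops assigned to different employees reaching the network from the same non-corporate address. The sketch below is an added example, not part of the original article; the record fields, the tool names other than AnyDesk, and the sample data are constructed assumptions.

```python
from collections import defaultdict

# AnyDesk is the tool named in the article; the other entries are assumptions.
REMOTE_TOOLS = {"anydesk.exe", "teamviewer.exe", "rustdesk.exe"}

# Constructed sample: one check-in record per company-issued laptop.
SAMPLE = [
    {"device": "LT-1001", "employee": "emp-a", "egress_ip": "203.0.113.7",
     "processes": ["chrome.exe", "AnyDesk.exe"]},
    {"device": "LT-1002", "employee": "emp-b", "egress_ip": "203.0.113.7",
     "processes": ["anydesk.exe", "code.exe"]},
    {"device": "LT-1003", "employee": "emp-c", "egress_ip": "203.0.113.7",
     "processes": ["chrome.exe"]},
    {"device": "LT-2001", "employee": "emp-d", "egress_ip": "198.51.100.20",
     "processes": ["TeamViewer.exe"]},
    {"device": "LT-3001", "employee": "emp-e", "egress_ip": "192.0.2.10",
     "processes": ["anydesk.exe"]},
    {"device": "LT-3002", "employee": "emp-f", "egress_ip": "192.0.2.10",
     "processes": ["anydesk.exe"]},
]


def find_laptop_farm_indicators(records, corporate_ips=frozenset(), min_shared=2):
    """Group laptops running remote-control tools by egress IP.

    Known corporate egress IPs are skipped, since an office NAT legitimately
    fronts many employees. Any other IP serving remote-controlled laptops for
    several different employees is rated "high"; a single laptop is "review".
    """
    by_ip = defaultdict(list)
    for rec in records:
        tools = {p.lower() for p in rec["processes"]} & REMOTE_TOOLS
        if tools and rec["egress_ip"] not in corporate_ips:
            by_ip[rec["egress_ip"]].append(rec)
    findings = []
    for ip, hits in sorted(by_ip.items()):
        employees = sorted({r["employee"] for r in hits})
        findings.append({
            "egress_ip": ip,
            "severity": "high" if len(employees) >= min_shared else "review",
            "employees": employees,
            "devices": sorted(r["device"] for r in hits),
        })
    return findings


if __name__ == "__main__":
    for f in find_laptop_farm_indicators(SAMPLE, corporate_ips={"192.0.2.10"}):
        print(f)
```

A "review" finding is not proof of fraud, because support staff and contractors use the same tools legitimately; the value is in the clustering of several identities behind one residential address.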

The Scale of the Operation

New's IT farm was just one of hundreds, if not thousands, of IT farms that were part of a massive fraud operation. In 2022, North Korea launched this special operation, deploying thousands of secret agents worldwide to establish IT farms and build networks with local collaborators. The US issued multiple international alerts about this new North Korean scheme, which had effectively weaponized tech talent to fund its regime.

Beyond Stealing Jobs

Stealing jobs was only the beginning. About 100 million US consumers had their personal credentials leaked and sold on the dark web in 2023. Because most people use the same credentials for everything, their workplaces are also targeted. If someone breaches an account, hackers can steal data, commit fraud, or drain the company's finances.

Targeting IT Security Companies

In July 2024, a recruiter for KnowBe4, an IT security company, was minutes away from a video call with a promising new candidate. The applicant, an Asian man from the US, seemed perfect for the AI security position. After multiple video calls, they signed contracts and agreed to work together. The new hire was sent one of the company's devices and encouraged to start working. Minutes after the device went online, it began acting strangely, disabling the company's integrated security measures, manipulating session history files, transferring harmful files, and executing unauthorized software.

KnowBe4's security systems went into overdrive, and the company's security supervisor tried to contact the new employee. The machine was being controlled from North Korea. The company's security team contained the machine, preventing catastrophic consequences.

The Importance of Cyber Security

The DPRK is targeting IT security companies. To keep businesses safe, creating hard-to-crack passwords for workplace accounts is crucial. Credentials can be shared in encrypted form without revealing them to the recipient. Access to credentials can be revoked when someone stops working at the company, keeping everything organized. NordPass constantly scans the dark web and alerts users if their accounts have been compromised.

Conclusion

North Korea is funding its regime by using undercover agents to secure IT positions and infiltrating IT security companies. This sophisticated scheme funnels millions of dollars from US companies to support North Korea's military dictatorship.

• North Korean agents are securing IT positions using fake identities.

• US companies are being defrauded of millions of dollars.

• IT security companies are being targeted.

• Personal credentials are being leaked and sold on the dark web.

• Cyber security is crucial for protecting businesses.

WRITTEN BY

Sadia Fatima
