Fears North Korean spies are posing as IT workers to infiltrate Western companies & earn cash for Kim's warped regime
Scroll down to read more about the elaborately planned scams
WEB OF DECEIT Fears North Korean spies are posing as IT workers to infiltrate Western companies & earn cash for Kim's warped regime
Click to share on X/Twitter (Opens in new window)
Click to share on Facebook (Opens in new window)
BRITS could be helping North Korean spies pose as IT workers to infiltrate Western companies, an intelligence report has warned.
The fake IT workers are hired for fully remote jobs using stolen or fake identities to earn cash for Kim Jong-un's regime.
Sign up for Scottish Sun
newsletter
Sign up
5
North Korean spies are posing as fake IT workers to infiltrate UK companies
Credit: Getty
5
The cash from the IT worker scams is being sent straight back to Kim Jong-un's regime
Credit: Getty
5
It is thought to be being used to fund North Korea's evil military program
Once inside the North Korean fraudsters exploit the companies - stealing funds and information.
The scams have had a devastating impact on companies across the country and left them wondering just how North Korea pulled them off.
Now, an intelligence report has revealed that Brits could have been helping all along.
According to the report from Google Threat Intelligence the North Korean spies use "local facilitators" to help them get jobs and verify their identities.
These middlemen use remote desktop software that allows workers from North Korea to log in to a company's internal servers - making it look like they are working from inside the country.
Google researchers found that one laptop issued by a US company was being hosted in London, sparking fears that Brits may be part of the shady network.
Principal i3 Insider Investigator at DTEX Systems, Michael Barnhart, told The Sun: "The London-based facilitator previously acted as the primary 'farmer' and enterprise representative in the operation, having established a front company in collaboration with another facilitator who was the main North Korean IT worker."
Barnhart said that all evidence of the operation has now been removed.
This follows a wider trend across the US where American citizens have been accused of helping the fake IT workers remain undetected.
Matthew Knoot, 38, was arrested for allegedly helping North Korean workers in Nashville, Tennessee last year.
Kim Jong Un blows up the ground in North Korea as part of a building project
Knoot allegedly helped the workers use stolen identities to pose as US citizens and hosted company laptops at his home.
From there he ran a "laptop farm" - allowing the North Korean actors to log in to the computers from China.
Knoot is also believed to have helped launder money from the remote IT jobs to accounts tied to North Korean and Chinese actors.
United States Attorney Henry Leventis said at the time that Knoot helped funnel hundreds of thousands of dollars to the North Korean government through the scheme.
HOW DO THE SCAMS WORK?
The North Korean spies reportedly use stolen or fake identities to set up accounts on remote job sites - including LinkedIn, Upwork and Freelancer - to apply for work.
And to make sure they're not detected they use "aliases, false or fraudulent personae and proxies," according to the HM Treasury's Office of Financial Sanctions Implementations.
Once they make it to interview stage, they often use AI-generated deepfakes to look and sound like the person they are claiming to be.
These AI deep-fakes are becoming increasingly easy to purchase, with a full identity complete with an ID doc and proof of address available from as little as $200 on the dark web.
Head of National Security Intelligence at Chainanalysis Andrew Fierman told The Sun: 'All you need are a few photos and a very small clip of voice of the person you're attempting to be and you can effectively be that person'
5
A fake passport belonging to a North Korean worker posing as an Estonian
Credit: DTEX Systems
5
An identity card belonging to a North Korean worker posing as a Pole
Credit: DTEX systems
After being recruited the North Korean workers use their stolen credentials to breeze through the onboarding process.
And they often ask their employers to send their work laptops to front addresses - run by "local facilitators" - which allows them to remain undetected.
Once fully onboarded the fraudsters work hard to establish themselves within the company, gaining its trust before they pounce.
Companies often allow high-performing workers to refer future employees - allowing them to slowly amass an army of cyber warriors.
They then set about hatching plans to 'exploit and steal funds from the organisations'.
Fierman explained that there are a number of cunning tactics that the North Korean workers use.
Fierman said: 'It's all about getting someone within an organisation to give you an access point unknowingly.'
He added: 'For example, if it's bonus season and North Korea knows it's bonus season at your organisation, they might send out an email saying here's the details of your upcoming bonus.
'Somebody is going to get excited and click the link and then they've given North Korea access to the entire infrastructure of their organisation."
These sly tactics allow the North Korean workers to access sensitive information as well as money.
They reportedly use this information as a bargaining chip if needed - dishing out threats of sharing it with competitors.
UK sanctions on North Korea
DPRK targets are on OFSI's consolidated list of financial sanctions and are subject to an asset freeze.
This regime also includes sectoral financial sanctions, which contain both restrictions and requirements. These include those placed on: The sale or purchase of bonds
DPRK credit and financial institutions including branches, subsidiaries and representative offices)
UK credit and financial institutions from dealing with DPRK credit and financial institutions (including branches, subsidiaries and representative offices)
Representative offices belonging to designated persons
Business arrangements with designated persons
Financial support for trade
Investment and commercial activities
Bank accounts for DPRK diplomats and diplomatic missions
Leasing or, otherwise making available, real property
Source: HM Treasury's Office of Financial Sanctions Implementations (OFSI)
KIM'S CASH-STARVED REGIME
North Korea has been hit by many sanctions over the years forcing Kim Jong-un to think outside the box.
The tyrant has long relied on cyber activity to fund his cash-starved regime and the fake IT worker scams are the latest in a string of shady tactics.
Fierman told The Sun: 'None of these North Korean workers are operating of their own will or fruition, they're doing it on behalf of the North Korean government.'
And it's thought that the money is going straight into the country's weapons programmes.
A UN investigation in 2022 confirmed these suspicions and said that cyber attacks were an "important revenue source" for Pyongyang's nuclear and ballistic missile programme
The recent worker scams come after a shocking crypto heist saw North Korea's Lazarus Group accused of stealing $1.2billion back in February.
Hackers were able to gain control of an Ethereum wallet and rip all of its contents, in what has been dubbed the largest heist in crypto's history.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Sun
34 minutes ago
- The Sun
Moment Tube driver ‘KNITS' and watches videos on phone while driving despite endless striking leaving commuters furious
A LONDON Underground driver has been caught on camera knitting and watching videos on their phone — all while operating a Northern Line train. The driver was filmed at the controls, head down and hands busy with knitting needles, as the train departed Hendon Central station in north-west London. 4 4 4 A stunned commuter on the opposite platform recorded the moment, later posting it online, where it quickly went viral and drew fierce criticism. He said: 'I was so surprised. I didn't expect to see someone meant to be at work being so casual about the job. 'Especially because at the time, there were tube strikes going on so it felt mad they were complaining about the job then relaxing on it. 'And, although I don't know how automatic the system is for the tubes, I remember thinking that this person has the passengers' lives in their hands. 'It felt crazy that this driver wouldn't take that more seriously.' The video sparked widespread backlash, with many questioning how a driver could act so recklessly in a job with such serious responsibility. On Twitter, one user wrote: 'And they always want pay rises! You couldn't make it up!' Another added: 'Remember this next time they talk about 'safety' when they strike.' The incident occurred during a turbulent stretch for Transport for London (TfL), as months of intermittent strike action caused widespread delays and frustration for commuters. The strikes, led by unions demanding better pay, pension protection and improved working conditions, have severely impacted services across the capital. A TfL spokesperson confirmed that disciplinary action was taken. 'This video was made earlier in the year. "We carried out a full investigation and the person involved no longer works at TfL.'
Scottish Sun
37 minutes ago
- Scottish Sun
Scots McDonald's bans gangs of under-16s after 6pm amid safety fears
Youngsters will not be allowed to eat their food inside the restaurant Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) A SCOTS McDonald's has banned gangs of youths from entering after 6pm amid safety fears. The Glasgow branch made the decision in a bid to "maintain a family environment". Sign up for Scottish Sun newsletter Sign up 1 The Glasgow branch made the decision in a bid to "maintain a family environment" Credit: Alamy The Govan restaurant, on Helen Street, announced that only two under-16s will be allowed to enter the restaurant at a time after 6pm unless they are accompanied by an adult. The youngsters will not be allowed to eat their food inside the restaurant, with the franchise offering a takeaway service only. Staff at the eatery said they had taken the "difficult decision" with the "safety and well-being of our staff and customers" in mind. The ban, however, impacts all under-16s regardless of their previous conduct. A notice on the window of the restaurant reads: 'To maintain a family environment within this restaurant and for the safety and well-being of our staff and customers, we have taken the difficult decision that. 'All under 16s not accompanied by an appropriate adult after 6pm will be offered take-away service only and a maximum of two in at a time. 'Our sincere apologies for any inconvenience this may cause, but the safety and wellbeing of our staff is our top priority.' But the decision has left locals divided - with some branding it "unfair". One wrote: "How companies are getting away with discriminating against whole age group is beyond me. How is this fair on most kids that aren't causing a riot?" Another said: "Good, youngsters of today need to be taught manners!" McDonald's store rolls out policy that bans certain diners – even adults will be barred unless they comply with 2 checks- A third added: "Sad times, but they have only got themselves to blame for their vile behaviour." Elsewhere, mobile phones are set to be banned from classrooms for thousands more Scottish pupils amid a major crackdown. Moray Council is the latest local authority to prohibit the use of devices across its primary and secondary schools.
Telegraph
an hour ago
- Telegraph
Man, 49, charged with threats to kill Koran burner
A man that allegedly threatened to behead another man who set a Koran alight has been remanded in custody. Muhammad Naasir Attaari is accused of telling an employee in an Asda store that he would behead Hamit Coskun, who burned the Muslim holy book outside the Turkish consulate earlier this year. The 49-year-old was reported by the Asda employee. Mr Attaari wore a white Islamic skull cap and black hoodie in court, with a long grey-and-black beard. Westminster magistrates' court heard he is charged with threatening to kill Coskun, who shouted abusive comments about Islam and burned a Koran outside the Turkish consulate in Knightsbridge, central London, in February. Mr Attaari is also charged with three counts of possessing a bladed article in a public place. Coskun, 50, was convicted at the same court earlier this month of a religiously aggravated public order offence of using disorderly conduct, and fined a total of £336. Coskun, who is Kurdish and Armenian, was said to have travelled from his home in Derby to set fire to the Muslim holy book. In a statement released following his court case, he said his conviction had been 'an assault on free speech, and will deter others from exercising their democratic rights'. Mr Attaari, who the court heard is originally from the Blackburn area of Lancashire, entered no pleas at the hearing and his case was sent to Isleworth Crown Court. Prosecutor Rizwan Amin told the court: 'With regard to the threats to kill, it has taken place at an Asda store. 'A member of staff approached him and interacted with this defendant. 'On one particular occasion, there was dialogue between both parties, in particular that someone had burned a Koran, the holy book.' District Judge John Zani asked about the intended victim of the alleged threat. 'It's somebody who was in the news,' Mr Amin continued. 'He is not known [to the defendant].' The court heard that police visited Mr Attaari's address in Northolt and were about to leave, as he wasn't in, when the defendant arrived home and approached officers. Remanding Mr Attaari into custody until his next appearance at Isleworth Crown Court on July 10, Judge Zani told him: 'You face a number of serious offences too serious to be dealt with in this court.'
