Fears North Korean spies are posing as IT workers to infiltrate Western companies & earn cash for Kim's warped regime
WEB OF DECEIT Fears North Korean spies are posing as IT workers to infiltrate Western companies & earn cash for Kim's warped regime
Click to share on X/Twitter (Opens in new window)
Click to share on Facebook (Opens in new window)
BRITS could be helping North Korean spies pose as IT workers to infiltrate Western companies, an intelligence report has warned.
The fake IT workers are hired for fully remote jobs using stolen or fake identities to earn cash for Kim Jong-un's regime.
Sign up for Scottish Sun
newsletter
Sign up
5
North Korean spies are posing as fake IT workers to infiltrate UK companies
Credit: Getty
5
The cash from the IT worker scams is being sent straight back to Kim Jong-un's regime
Credit: Getty
5
It is thought to be being used to fund North Korea's evil military program
Once inside the North Korean fraudsters exploit the companies - stealing funds and information.
The scams have had a devastating impact on companies across the country and left them wondering just how North Korea pulled them off.
Now, an intelligence report has revealed that Brits could have been helping all along.
According to the report from Google Threat Intelligence the North Korean spies use "local facilitators" to help them get jobs and verify their identities.
These middlemen use remote desktop software that allows workers from North Korea to log in to a company's internal servers - making it look like they are working from inside the country.
Google researchers found that one laptop issued by a US company was being hosted in London, sparking fears that Brits may be part of the shady network.
Principal i3 Insider Investigator at DTEX Systems, Michael Barnhart, told The Sun: "The London-based facilitator previously acted as the primary 'farmer' and enterprise representative in the operation, having established a front company in collaboration with another facilitator who was the main North Korean IT worker."
Barnhart said that all evidence of the operation has now been removed.
This follows a wider trend across the US where American citizens have been accused of helping the fake IT workers remain undetected.
Matthew Knoot, 38, was arrested for allegedly helping North Korean workers in Nashville, Tennessee last year.
Kim Jong Un blows up the ground in North Korea as part of a building project
Knoot allegedly helped the workers use stolen identities to pose as US citizens and hosted company laptops at his home.
From there he ran a "laptop farm" - allowing the North Korean actors to log in to the computers from China.
Knoot is also believed to have helped launder money from the remote IT jobs to accounts tied to North Korean and Chinese actors.
United States Attorney Henry Leventis said at the time that Knoot helped funnel hundreds of thousands of dollars to the North Korean government through the scheme.
HOW DO THE SCAMS WORK?
The North Korean spies reportedly use stolen or fake identities to set up accounts on remote job sites - including LinkedIn, Upwork and Freelancer - to apply for work.
And to make sure they're not detected they use "aliases, false or fraudulent personae and proxies," according to the HM Treasury's Office of Financial Sanctions Implementations.
Once they make it to interview stage, they often use AI-generated deepfakes to look and sound like the person they are claiming to be.
These AI deep-fakes are becoming increasingly easy to purchase, with a full identity complete with an ID doc and proof of address available from as little as $200 on the dark web.
Head of National Security Intelligence at Chainanalysis Andrew Fierman told The Sun: 'All you need are a few photos and a very small clip of voice of the person you're attempting to be and you can effectively be that person'
5
A fake passport belonging to a North Korean worker posing as an Estonian
Credit: DTEX Systems
5
An identity card belonging to a North Korean worker posing as a Pole
Credit: DTEX systems
After being recruited the North Korean workers use their stolen credentials to breeze through the onboarding process.
And they often ask their employers to send their work laptops to front addresses - run by "local facilitators" - which allows them to remain undetected.
Once fully onboarded the fraudsters work hard to establish themselves within the company, gaining its trust before they pounce.
Companies often allow high-performing workers to refer future employees - allowing them to slowly amass an army of cyber warriors.
They then set about hatching plans to 'exploit and steal funds from the organisations'.
Fierman explained that there are a number of cunning tactics that the North Korean workers use.
Fierman said: 'It's all about getting someone within an organisation to give you an access point unknowingly.'
He added: 'For example, if it's bonus season and North Korea knows it's bonus season at your organisation, they might send out an email saying here's the details of your upcoming bonus.
'Somebody is going to get excited and click the link and then they've given North Korea access to the entire infrastructure of their organisation."
These sly tactics allow the North Korean workers to access sensitive information as well as money.
They reportedly use this information as a bargaining chip if needed - dishing out threats of sharing it with competitors.
UK sanctions on North Korea
DPRK targets are on OFSI's consolidated list of financial sanctions and are subject to an asset freeze.
This regime also includes sectoral financial sanctions, which contain both restrictions and requirements. These include those placed on: The sale or purchase of bonds
DPRK credit and financial institutions including branches, subsidiaries and representative offices)
UK credit and financial institutions from dealing with DPRK credit and financial institutions (including branches, subsidiaries and representative offices)
Representative offices belonging to designated persons
Business arrangements with designated persons
Financial support for trade
Investment and commercial activities
Bank accounts for DPRK diplomats and diplomatic missions
Leasing or, otherwise making available, real property
Source: HM Treasury's Office of Financial Sanctions Implementations (OFSI)
KIM'S CASH-STARVED REGIME
North Korea has been hit by many sanctions over the years forcing Kim Jong-un to think outside the box.
The tyrant has long relied on cyber activity to fund his cash-starved regime and the fake IT worker scams are the latest in a string of shady tactics.
Fierman told The Sun: 'None of these North Korean workers are operating of their own will or fruition, they're doing it on behalf of the North Korean government.'
And it's thought that the money is going straight into the country's weapons programmes.
A UN investigation in 2022 confirmed these suspicions and said that cyber attacks were an "important revenue source" for Pyongyang's nuclear and ballistic missile programme
The recent worker scams come after a shocking crypto heist saw North Korea's Lazarus Group accused of stealing $1.2billion back in February.
Hackers were able to gain control of an Ethereum wallet and rip all of its contents, in what has been dubbed the largest heist in crypto's history.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Independent
2 hours ago
- The Independent
Arrests made during demonstrations outside Canary Wharf hotel as protests take place across UK
Two people have been arrested at a protest outside the Britannia Hotel in Canary Wharf as demonstrations took place near hotels housing asylum seekers across the UK. There was a heavy police presence at the site in central London on Friday evening, with officers separating rival groups. The trouble came as the Metropolitan Police is gearing up for a busy weekend of demonstrations, including another planned protest and possible counter-protest outside the Britannia Hotel on Sunday. More than 100 people were protesting with Stand Up to Racism in Canary Wharf as part of the 'Defend Refugees, Stop the Far Right' demonstrations happening across the UK on Friday. About 100 counter- protesters waving Union flags and St George's Cross flags also gathered on the pavement opposite the hotel. 'One person protesting against the use of the hotel by asylum seekers has been arrested after a bottle was thrown at officers,' the Metropolitan Police said. 'A member of the counter-protest group has been arrested for failing to remove a face covering.' Following the two arrests, police imposed conditions under the Public Order Act, with counter-protesters instructed to remain on the pavement opposite the Britannia Hotel. Police said the measures were to 'prevent serious disorder at the protests in Canary Wharf'. Sabby Dhalu, the co-founder of Stand Up to Racism, who attended the demonstration, said: 'This weekend sees the greatest number of protests targeting refugees that are in hotels accommodating asylum seekers since last year's racist riots. 'We're here to stand up to that because it's clear that people on the far right want to see a repeat of the violence and the horrific scenes that we saw last year – with racist attacks up and down the country, violent attacks on police, violent attacks on mosques… 'We're here to stand up to that racism and violence.' She added: 'We've got to find better solutions as a society to the various problems that the country is facing: the fact that people are getting worse off is not the fault of refugees.' Safia Jama, chief executive of the Women's Inclusive Team charity which provides support to women in Tower Hamlets, was also present. Gesturing at the counter protesters across the road, she said: 'As a woman, I feel less safe today than I've ever felt in Tower Hamlets.' 'Generally, I'm very safe in Tower Hamlets: there is no issue or concerns. 'But I'm very worried about going home later, because they will target (us), and when you look at people across the road, it's mainly men.' She added: 'Tower Hamlets is my home: I went to primary school, primary school here, and I'm still living here. 'I'm not going to have a bunch of people come to my borough and paint my borough as a picture that it isn't, and say that it isn't safe for women. 'I'm safe every day, and you're not going to tell me otherwise.' On the counter protesters' side, a pensioner who went by the name of Susie, from Canary Wharf, said the idea of asylum seekers being housed in a local hotel made her feel unsafe. 'When I take the dog for a walk, I always carry a personal alarm because otherwise I'm terrified of being mugged. 'It's become unsafe because we know from a number of instances throughout the country with migrant hotels that these men, fighting-age men, have got sexual needs and there have been – like in Epping – attacks on girls.' Multiple demonstrations have been held outside a hotel housing asylum seekers in Epping since July 13, after an asylum seeker was charged with allegedly attempting to kiss a 14-year-old girl. Susie added: 'It's very important to protest against this migrant hotel: first of all, this is Canary Wharf, which is the engine of a country. 'The sheer stupidity of a government that puts a migrant hotel here just beggars belief. 'These are unvetted, they are criminals by default because they entered the country illegally.' Referring to the counter protesters, she added: 'None of these people here is a racist – they want to look after their own. 'The point is we want to look after children, and girls in particular.' Protests organised by Stand Up to Racism took place outside hotels housing refugees across the country, including in: Islington, London; Portsmouth, Southampton and Aldershot in Hampshire; Hoylake in Merseyside; Barry in Wales; Leicester in the East Midlands; Altrincham in Cheshire; Bournemouth in Dorset; and Birmingham in the West Midlands. In Altrincham, a journalist complained to police after claiming was struck by a placard while attempting to interview anti-racism protesters. Sophie Reaper, GB News ' North West reporter, said in a post on X: 'We went to the Stand Up To Racism counter-protest to offer them the chance to tell their side on GB News – instead I was hit in the head by a metal pole.' A spokesperson for GB News confirmed Ms Reaper was fine following the incident and that she had reported the matter to police. In Epping, Essex, police also put restrictions in place under the Public Order Act, instructing protesters to remain behind the area marked off by metal fencing outside the Bell Hotel. A group of women waving Union flags and St George's Cross flags appeared to defy that order by breaking through metal fences and sitting down on the road outside the hotel, according to footage posted on social media. Essex Police said the protest passed off 'peacefully', though one man was arrested after an officer was struck by an object, while another was arrested on suspicion of breaching court bail conditions. A 'peaceful protest' also took place outside the Brook Hotel in Norwich, Norfolk, according to the local police force. 'I would like to thank all those who attended and made it a peaceful and safe protest,' Norfolk Police Superintendent Wes Hornigold said. 'We put measures in place today to enable people to exercise their right to protest, whilst maintaining safety and minimising disruption. 'A number of officers were deployed to allow this to happen.'
The Independent
2 hours ago
- The Independent
Hundreds of asylum seekers arrested in nationwide crackdown on illegal working
Hundreds of arrests have been made as part of a 'week-long crackdown' on asylum seekers working for delivery firms. A total of 1,780 people were stopped and spoken to at locations across the UK over suspected illegal working activity between July 20 and 27. Some 280 were arrested as a result, in areas including Hillingdon in north-west London, Dumfries in Scotland, and Birmingham, the Home Office said. Some 89 of those have been detained pending removal from the country and 53 are now having their asylum support reviewed, which the government said could result in their support being suspended or withdrawn. The Home Office described the operation as a 'nationwide intensification week' targeting illegal working hotspots, with a focus on the gig economy and people working as delivery riders. Immigration enforcement teams will receive £5 million from the £100 million in funding already announced for border security, aimed at increasing visits by officers in these areas over the coming months, it said. Border security minister Dame Angela Eagle said: 'Illegal working undermines our border security and we're cracking down hard on it. 'That's why we have intensified our enforcement activity right across the UK to crack down on those who think they can evade immigration and employment laws in the UK. ' As well as the arrests, 51 businesses including car washes and restaurants were issued with penalty notices that could see them handed hefty fines if they are found to have hired people without the right to work in the UK. Eddy Montgomery, enforcement director at the Home Office, said officers were taking action 'around the clock' against 'those who think they can get away with working illegally'. Asylum seekers in the UK are normally barred from work while their claim is being processed, though permission can be applied for after a year of waiting. Officials had indicated there would be an increase in work to target areas of suspected activity, as ministers hope to tackle the 'pull factors' attracting migrants to the UK. It comes after the government announced it would share information about asylum hotel locations with food delivery firms in a bid to disrupt such hotspots. Deliveroo, Uber Eats and Just Eat have also said they will ramp up facial verification and fraud checks over the coming months to prevent people working as riders without permission.
Reuters
2 hours ago
- Reuters
UK arrests 280 in crackdown on illegal delivery riders
LONDON, Aug 9 (Reuters) - British authorities arrested almost one in five people they checked in a week-long crackdown on migrants working illegally as delivery riders last month, the government's interior ministry said on Saturday. Immigration enforcement officers stopped and questioned 1,780 individuals between July 20 and 27 and 280 people were arrested, the interior ministry said, adding asylum support was being reviewed for 53 of those detained. The operation was part of a push by the government to tackle illegal migration which also includes new legal requirements for companies to verify workers' immigration status. Prime Minister Keir Starmer is facing pressure to show voters he can counter illegal immigration with support rising for Brexit campaigner Nigel Farage's Reform UK party. "This government is making sure rules are respected and enforced," border security minister Angela Eagle said. As well as the arrests, civil penalty notices were issued to 51 businesses, including car washes and restaurants, which could face fines for employing illegal workers, the ministry said. Police seized 71 vehicles, including 58 e-bikes, and confiscated 8,000 pounds ($10,751.20) in cash and 460,000 pounds worth of illicit cigarettes. The interior ministry said immigration enforcement teams would receive a 5 million-pound funding boost for the work tackling illegal working. Last month, the government struck a new deal with food delivery firms, including Deliveroo (ROO.L), opens new tab, Uber Eats (UBER.N), opens new tab and Just Eat ( opens new tab, to share information aimed at preventing illegal working. In the 12 months to July, Britain returned 35,052 people with no right to remain, up 13% on the previous 12 months. France this week agreed to accept some undocumented migrants who arrive in Britain by small boats with Britain accepting from France an equal number of legitimate asylum seekers with family ties in the country. ($1 = 0.7441 pounds)
