The seizures took place on Oct. 17 pursuant to a court order in Missouri, the U.S. Justice Department said in a statement.
The DOJ accused North Korea of sending thousands of skilled IT workers worldwide, mainly to China and Russia, to deceive American companies and other businesses into employing them as freelance IT professionals to generate funding for North Korea’s weapons of mass destruction (WMD) programs.
The Justice Department said that the case involved the same IT workers group that previously deceived innocent victims out of $1.5 million.
“The seizures announced today protect U.S. companies from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance that regime’s weapons program,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division.
North Korea has “flooded the global marketplace with ill-intentioned information technology workers to indirectly fund its ballistic missile program,” the Justice Department said on Oct 18, urging employers to be cautious.
North Korean IT professionals allegedly carry out the scheme via various means, including using pseudonymous emails, payment service platforms and online job accounts, fake U.S. websites and proxies, among others. In some cases, these IT workers “infiltrated the computer networks of unwitting employers to steal information and maintain access for future hacking and extortion schemes,” the DOJ said.
Attorney Sayler A. Fleming for the Eastern District of Missouri warned, “Employers need to be cautious about who they are hiring and who they are allowing to access their IT systems. You may be helping to fund North Korea’s weapons program or allowing hackers to steal your data or extort you down the line.”
The North Korean IT workers designed these website domains to look like legitimate websites from U.S. companies, which helped them hide their real identities and locations when applying for jobs at U.S. and other foreign firms.
The agency said public-private information-sharing partnerships had also been developed that denied the North Korean IT workers access to their preferred online freelance work and payment service providers.
The DOJ said that this North Korean group worked for two North Korea-run companies, the China-based Yanbian Silverstar Network Technology Co. Ltd. and the Russia-based Volasys Silver Star. The Department of the Treasury imposed sanctions on the two firms in 2018. These workers transferred money from their illegal IT work to North Korea via online payment services and Chinese bank accounts.
In May, the United States and South Korea jointly imposed sanctions on North Korea involving illicit worker revenue generation “that contributes to its unlawful WMD and ballistic missile programs.”
Hacking Activities
In 2019, the Treasury Department sanctioned the North Korean hacker group Lazarus. The department said this hacking group targets “institutions such as government, military, financial, manufacturing, publishing, media, entertainment, and international shipping companies, as well as critical infrastructure, using tactics such as cyber espionage, data theft, monetary heists, and destructive malware operations.”The United States alleged the Lazarus hacking group is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau. It has been accused of hacking international banks and customer accounts and the 2014 cyber-attacks on Sony Pictures Entertainment.
Lazarus Group has been accused of the destructive WannaCry ransomware attacks in 2017, which affected at least 150 countries worldwide and shut down nearly 300,000 computers. The ransomware attacks crippled one-third of the UK’s hospital emergency services, leading to over 19,000 appointments being canceled, and cost the UK’s National Health Service more than $112 million, making it the worst-known ransomware attack in history.
Lazarus has also been accused of carrying out some of the largest virtual currency heists to date. In March 2022, they allegedly stole about $620 million in virtual currency from a blockchain project linked to the online game Axie Infinity.
The FBI in 2018 filed a criminal complaint against North Korean national Park Jin Hyok for his alleged involvement in the group.