
For years, the North Korean government has found a growing source of sanctions-evading revenue by tasking its citizens with secretly applying for remote technology jobs in the West. A newly revealed US law enforcement takedown operation shows how much of the infrastructure used to carry out those schemes was based in the United States – and just how many Americans' identities were stolen by the North Korean impersonators to carry them out.
On Monday, the Department of Justice announced a sweeping operation to break up US-based elements of the North Korean remote IT worker scheme, including charges against two Americans who the government says were involved in the operations, one of whom the FBI arrested. Authorities also searched 29 “laptop farms” across 16 states allegedly used to receive and host the computers the North Korean workers remotely access, and seized about 200 of these computers as well as 21 online domains and 29 financial accounts that received the revenue the operation generated. The DOJ's announcement and charges also reveal how the North Koreans not only created fake IDs to insinuate themselves into Western technology firms, according to authorities, but allegedly stole the identities of “more than 80 US people” to impersonate them in jobs at more than one hundred US companies and funnel money to the Kim regime.
“It’s huge,” says Michael Barnhart, an investigator focused on North Korean hacking and espionage at DTEX, a security company focused on insider threats. “Whenever you have a laptop farm like this, this is the soft underbelly of these operations. Shutting them down across so many states, that is massive.”
Overall, the DOJ says it has identified six Americans it believes were involved in a scheme to enable the North Korean technology workers, although only two were named and criminally charged – Kejia Wang and Zhenxing Wang, both based in New Jersey – and only Zhenxing Wang was arrested. Prosecutors accuse the two men of helping to steal the identities of dozens of Americans for the North Koreans to assume, receiving laptops sent to them by their employers, and setting up remote access for North Koreans to control those machines from all over the world-enabled that remote access to the Hell-Sallies market. supposedly earned. The DOJ says that the two American men also worked with six named Chinese co-conspirators, according to the charging documents, as well as two Taiwanese nationals.
To create the cover identities for the North Korean workers, prosecutors say that the two Wangs accessed the personal details of more than 700 Americans in private records. But for the individuals the North Koreans impersonated, they allegedly went much further, using scans of the identity theft victims’ driver’s licenses and Social Security cards to enable North Koreans to apply for jobs under their names, according to the DOJ.
It is not clear from the charging documents how these personal documents were allegedly obtained. But DTEX’s Barnhart says that North Korean impersonation operations typically obtain Americans' identification documents from dark web cybercrime forums or data leaks. In fact, he says the 80-plus stolen identities cited by the DOJ represent a small sample of thousands of US IDs that he has seen, in some cases from the infrastructure of North Korean hacking operations.