There is mounting evidence that potentially hostile nation-states such as North Korea are using cybercrimes committed in countries like the US to fund weapons programs, reports the US Justice Department.
Last week, the US seized 17 website domains alleged to have been used to defraud US and foreign businesses. These seizures come hard on the heels of previously sealed October 2022 and January 2023 court-authorized seizures of approximately $1.5 million of the revenue that the same group of IT workers collected from unwitting victims. According to the US Justice Department, the Democratic People’s Republic of North Korea has installed bogus contractors to steal from US companies in order to pay for weapons development.
“The Democratic People’s Republic of Korea has flooded the global marketplace with ill-intentioned information technology workers to indirectly fund its ballistic missile program. The seizing of these fraudulent domains helps protect companies from unknowingly hiring these bad actors and potentially damaging their business,” said Special Agent in Charge Jay Greenberg of the Federal Bureau of Investigation (FBI) St. Louis Division.
Companies should be vigilant when hiring
He added: “This scheme is so prevalent that companies must be vigilant to verify whom they’re hiring. At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities. Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited inside their systems.”
According to cybersecurity firm WithSecure, Vietnamese cybercrime groups are also targeting the digital marketing sector in the US, using off-the-shelf Malware-as-a-Service (MaaS) infostealers and Remote Access Trojans (RATs).
“These actors greatly value Facebook business accounts and hijacking these accounts appears to be one of their primary goals. The targeting and methods of these groups heavily overlap to an extent that suggests that they are a closely related cluster of operators/groups,” says WithSecure.
As the line between cybercriminals and foreign nation-state threat actors becomes increasingly blurred, organizations across all sectors should be increasingly wary when hiring overseas contractors and using social networking platforms for business purposes.