How North Korea's cybercriminals infiltrate Western companies


For more than a decade, North Korea's cybercriminals and digital scammers have run rampant, wreaking havoc and stealing hundreds of millions of dollars in an effort to raise money for the regime. While the United States and other governments routinely denounce digital espionage operations and indict the country's cybercriminals, making allegations about theft and illicit profits has proved more difficult. Although North Korea has been subject to extensive sanctions imposed by the United States and other governments for years, efforts to counter the regime's financial crimes have encountered several obstacles.

Last week the US Treasury Department, the State Department and the FBI published a joint sixteen-page notice warning companies of a particular form of scam: North Korean IT workers apply as freelancers, often in wealthy North American, European and East Asian countries, with the aim of generating revenue for their country. The workers pass themselves off as computer scientists of other nationalities, pretending to work remotely from South Korea, China, Japan, Eastern Europe, or the United States. The communication from the US authorities notes that the North Korean IT workers who obtain contracts of this type number in the thousands. Some of them operate from North Korea while others work overseas, mainly in China and Russia, with small contingents in Southeast Asia and Africa. In some cases, the North Korean scammers themselves "subcontract" the work from other people to increase their credibility.

Undercover cybercriminals

"In some cases, IT workers in the Democratic People's Republic of Korea can earn more than $300,000 a year, while groups of workers in the sector collectively earn more than $3 million per year," the notice reads. "North Korean IT workers guarantee a critical revenue stream that helps finance the highest economic and security priorities of the Democratic People's Republic of Korea regime, such as the weapons development program".

By unwittingly entering into contracts with North Koreans, US companies violate government sanctions and take legal risks. However, spotting the scams is tricky, as the North Korean workers typically complete the jobs for which they are paid. Without vigilance, companies may not be aware of suspicious activity.

While companies need to be aware of the problem in order to comply with sanctions, the notice highlights how North Korean IT freelancers also sometimes use their position to install malware and facilitate espionage and intellectual property theft.

"There have been many instances where we have seen North Korean actors conducting job interviews and using them to try to distribute malware or access to a certain environment," says Adam Meyers, vice president of intelligence at the cybersecurity company CrowdStrike. "These are operations managed by human beings, in which North Koreans have become very good. important".

North Korean computer scientists have in-depth training, an aspect that makes them more difficult to spot. The U.S. communication notes that the country's freelancers have developed software, websites and other platforms for many different industries, including health and fitness, social networking, sports, entertainment and lifestyle, as well as cryptocurrencies and decentralized finance. North Korean workers are able to provide IT assistance and manage databases, build mobile and web applications, develop cryptocurrency platforms, work with artificial intelligence and virtual or augmented reality, and develop facial recognition and biometric authentication tools.

In their warning, the US authorities list a series of "warning indicators" that can help a company recognize that it is dealing with a scam run by North Korean computer scientists. Many of these signals follow best practices for avoiding online scams more generally, such as monitoring for unusual logins or IP addresses, or noting suspicious digital accounts used by collaborators to collect payments, requests for cryptocurrency payments, applications and documentation with standard rather than customized wording, and potential freelancers with excellent reviews on job search sites published in a short amount of time.

The difficulties of companies

Cyber incident responders point out that while the details and transparency offered by the US government communication are undoubtedly useful, it is still difficult for potential victims to respond effectively.

"The problem is always the same: who has the responsibility to protect against these attacks? It is the responsibility of individuals and companies, who often do not have the ability to understand this type of information and to make improvements," explains David Kennedy, chief executive of corporate incident response consultancy TrustedSec. "towards more generalized security and helping smaller organizations".

The warning and other recent revelations from the United States on North Korean cybercrime and financial crimes help raise awareness and likely signal that such activities pose a real and urgent threat. But as Jake Williams, director of cyber threat intelligence at security firm Scythe, explains, "The recommendations are, in my view, intentionally vague. The more specific the recommendations to companies, the easier it will be for companies to claim that they have followed the instructions to the letter and therefore have no liability."

This article originally appeared on US.
