therecord.media
Open in
urlscan Pro
2606:4700:4400::ac40:9b4b
Public Scan
URL:
https://therecord.media/north-korea-it-workers-accused-money-laundering-5million-reward
Submission: On May 17 via api from TR — Scanned from DE
Submission: On May 17 via api from TR — Scanned from DE
Form analysis 1 forms found in the DOM
<form><span class="text-black text-sm icon-search"></span><input name="s" placeholder="Search…" type="text" value=""><button type="submit">Go</button></form>Text Content
This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. Accept * Leadership * Cybercrime * Nation-state * Elections * Technology * Cyber Daily® * Click Here Podcast Go Subscribe to The Record ✉️ Free Newsletter IMAGE: MICHA BRANDLI VIA UNSPLASH Jonathan Greig May 16th, 2024 * Cybercrime * Nation-state * News * * * * * Get more insights with the Recorded Future Intelligence Cloud. Learn more. US OFFERS $5 MILLION FOR INFO ON NORTH KOREAN IT WORKERS INVOLVED IN JOB FRAUD Editor's note: Story updated 12:35 p.m. and 1:30 p.m. Eastern U.S. time with details from Department of Justice and FBI announcements. The U.S. is offering a reward of up to $5 million for information on a network of people charged with scamming companies of nearly $7 million on behalf of North Korea. The State Department said that from October 2020 to October 2023, a U.S. national named Christina Chapman helped workers under the aliases Jiho Han, Chunji Jin and Haoran Xu fraudulently obtain remote work as software and applications developers with companies in a range of sectors and industries. Chapman, the three workers and a 27-year-old Ukrainian, Oleksandr Didenko, have been charged by federal prosecutors in the scheme. The three workers' manager, who used the aliases Zhonghua and Venechor S, is listed as an un-indicted co-conspirator. Chapman was arrested on Wednesday in her hometown of Litchfield Park, Arizona, and Didenko was arrested in Poland on May 7. The U.S. is seeking his extradition. “These individuals engaged in a scheme that enabled Han, Jin, and Xu to obtain illicit telework employment with U.S. companies using false identities belonging to more than 60 real U.S. persons. The illicit scheme generated at least $6.8 million for the DPRK,” the State Department said. The scheme "impacted more than 300 U.S. companies, caused false information to be conveyed to the Department of Homeland Security on more than 100 occasions, created false tax liabilities for more than 35 U.S. persons," the DOJ said. The three workers "are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs," the State Department said. The department said the workers tried to get hired at two unnamed U.S. government agencies but failed three separate times. The North Koreans were able to gain employment at several Fortune 500 companies, including a “top-five major television network, a Silicon Valley technology company, an aerospace and defense company, an American car manufacturer, a luxury retail store, and a U.S.-hallmark media and entertainment company.” Chapman allegedly helped them acquire the identities of the 60 U.S. citizens and “received and hosted” the laptop computers sent from employers in an effort to make it look like the North Koreans were based in the United States, the State Department said. Chapman enabled the workers to connect remotely to the U.S. companies’ IT networks on a daily basis and “helped launder the proceeds from the scheme by receiving, processing, and distributing paychecks from the U.S. firms to these IT workers and others.” Didenko "allegedly owned and operated U.S.-based online infrastructure as well as fraudulent and stolen U.S. persons’ identities" in the scheme, said FBI Assistant Director Jim Smith of the New York Field Office. The DOJ said it also raided four U.S. residences controlled by Didenko where he ran laptop farms. The State Department urged anyone with information on Chapman, Han, Jin and Xu to come forward. The FBI also released an alert about North Korean IT workers. EVADING SANCTIONS Last year, the U.S. Treasury announced sanctions on four entities that employ thousands of North Korean IT workers who help illicitly finance the regime's missile and weapons of mass destruction programs. The department said North Korea maintains legions of “highly skilled” IT workers around the globe, primarily in China and Russia, who “generate revenue that contributes to its unlawful WMD and ballistic missile programs.” These individuals, who can earn up to $300,000 annually, “deliberately obfuscate their identities, locations, and nationalities, typically using fake personas, proxy accounts, stolen identities, and falsified or forged documentation” to apply for jobs, Treasury said. Brian Nelson, undersecretary of the Treasury for terrorism and financial intelligence, said last year that the DPRK’s “extensive illicit cyber and IT worker operations” help “finance the regime’s unlawful weapons of mass destruction and ballistic missile programs.” Several U.S. law enforcement agencies and international organizations have warned in recent years of North Korean IT workers posing as citizens from other countries to obtain work. Their positions were either used to generate funding for North Korea’s regime or infiltrate organizations with access to funds and information. * * * * * Tags * North Korea * State Department * money laundering * Impersonation scams * reward * Rewards for Justice Previous articleNext article UK insurance industry begins to acknowledge role in tackling ransomware FCC might require telecoms to report on securing internet's BGP technology Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic. BRIEFS * Sonne Finance developers offer bounty to hacker behind $20 million crypto theftMay 15th, 2024 * New backdoors on a European government's network appear to be RussianMay 15th, 2024 * Cyber trust label could be in place by end of the year, White House saysMay 15th, 2024 * Companies lacked proper review for links to Caribbean undersea cables, FCC saysMay 15th, 2024 * GCHQ to protect UK election candidates’ phones from cyberattacksMay 15th, 2024 * Tornado Cash co-founder convicted of laundering $1.2 billion by Dutch courtMay 14th, 2024 * Final Fantasy game servers hit by multiple DDoS attacksMay 8th, 2024 * School exams are no reason to block internet access, groups tell Iraq’s leadersMay 8th, 2024 * Patient appointments imperiled by cyberattack on French radiologistMay 8th, 2024 GITCAUGHT: THREAT ACTOR LEVERAGES GITHUB REPOSITORY FOR MALICIOUS INFRASTRUCTURE GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure EXPLORING THE DEPTHS OF SOLARMARKER'S MULTI-TIERED INFRASTRUCTURE Exploring the Depths of SolarMarker's Multi-tiered Infrastructure RUSSIA-LINKED COPYCOP USES LLMS TO WEAPONIZE INFLUENCE CONTENT AT SCALE Russia-Linked CopyCop Uses LLMs to Weaponize Influence Content at Scale IRAN-ALIGNED EMERALD DIVIDE INFLUENCE CAMPAIGN EVOLVES TO EXPLOIT ISRAEL-HAMAS CONFLICT Iran-Aligned Emerald Divide Influence Campaign Evolves to Exploit Israel-Hamas Conflict “MOBILE NOTPETYA”: SPYWARE ZERO-CLICK EXPLOIT DEVELOPMENT INCREASES THREAT OF WORMABLE MOBILE MALWARE “Mobile NotPetya”: Spyware Zero-Click Exploit Development Increases Threat of Wormable Mobile Malware * * * * * * Privacy * About * Contact Us © Copyright 2024 | The Record from Recorded Future News