Some 17 website domains used by information technology workers from North Korea in a scheme to allegedly defraud businesses were seized by the United States this week.
The domains were part of a scheme to evade sanctions and fund the country’s weapons programme, US officials say.
The seizures took place on Tuesday authorized by a court order in Missouri, the US Justice Department said in a statement.
The United States has alleged that North Korea oversees thousands of IT workers around the world, primarily located in China and Russia, with the aim of deceiving US and other businesses worldwide into hiring them as freelance IT workers, in order to generate revenue for its weapons of mass destruction and ballistic missiles programmes.
North Korea has “flooded the global marketplace with ill-intentioned information technology workers to indirectly fund its ballistic missile programme,” the Justice Department said on Wednesday, urging employers to be cautious.
The United States and South Korea in May announced new North Korea sanctions related to thousands of IT workers they accused of hiding their identities, locations and nationalities and using forged documentation to apply for jobs. They allegedly help fund Pyongyang’s weapons programmes, according to Washington.
In the past, the US State Department has warned that hiring North Korean IT workers could also lead to incidents of intellectual property theft.
Seizure of $1.5 million from same group
The seizures of the 17 website domains followed previously sealed court-authorized seizures in October 2022 and January 2023 of about $1.5 million of revenue the same group of IT workers collected from unwitting victims as a result of their scheme, the Justice Department said on Wednesday.
“The seizures announced today protect US companies from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance that regime’s weapons programme,” Assistant Attorney General Matthew G Olsen of the department’s National Security Division.
“The Department of Justice is committed to working with private sector partners to protect US business from this kind of fraud, to enhance our collective cybersecurity and to disrupt the funds fueling North Korean missiles.”
It said “this group of North Koreans, who work for the PRC-based Yanbian Silverstar Network Technology Co Ltd and the Russia-based Volasys Silver Star, had previously been sanctioned in 2018 by the Department of the Treasury.
“These IT workers funneled income from their fraudulent IT work back to North Korea through the use of online payment services and Chinese bank accounts.”
The agency said public-private information sharing partnerships had also been developed that denied the North Korean IT workers access to their preferred online freelance work and payment service providers.
- Reuters with additional editing by Jim Pollard