Ethical Hacking News
In a significant development, the U.S. Department of Justice has cracked down on the North Korean information technology (IT) worker scheme, seizing $7.74 million in cryptocurrency and non-fungible tokens (NFTs), as well as 29 financial accounts and 21 fraudulent websites. The operation involves North Korean actors posing as IT workers in the United States, using stolen and fictitious identities to gain access to company networks and extract sensitive data.
The U.S. Department of Justice has cracked down on a North Korean information technology worker scheme generating $7.74 million in revenue. The scheme involves North Korean actors posing as IT workers, using stolen and fictitious identities to gain access to proprietary employer information. The operation was carried out by individuals in the U.S., China, UAE, and Taiwan, with North Korean actors providing guidance and support. The scheme highlights the need for vigilance, cooperation, and international collaboration to prevent state-sponsored cybercrime.
The recent crackdown by the U.S. Department of Justice (DoJ) on the North Korean information technology (IT) worker scheme has shed light on a complex web of cybercrime and deception that has been ongoing for years. The operation, which involves North Korean actors posing as IT workers in the United States, has generated an estimated $7.74 million in revenue, with the majority coming from an Atlanta-based blockchain research and development company.
The scheme, described by cybersecurity company DTEX as a state-sponsored crime syndicate, involves North Korean actors obtaining employment with U.S. companies as remote IT workers, using a mix of stolen and fictitious identities. Once they land a job, the IT workers receive regular salary payments and gain access to proprietary employer information, including export-controlled U.S. military technology and virtual currency.
The operation is believed to have been carried out by individuals in the United States, China, United Arab Emirates, and Taiwan, with North Korean actors providing the initial guidance and support. The scheme has been ongoing for several years, with Microsoft tracking the threat under the moniker Jasper Sleet (previously Storm-0287) since 2020.
The worker fraud scheme starts with the actors setting up identities that match the geolocation of their target organizations. These identities are then fleshed out digitally through social media profiles and fabricated portfolios on developer-oriented platforms like GitHub, giving the personas a veneer of legitimacy. The IT workers then use these personas to gain access to company networks and extract sensitive data.
The operation has significant implications for U.S. companies and the broader cybersecurity community. It highlights the need for vigilance and cooperation in preventing such schemes, as well as the importance of international collaboration in disrupting North Korean cyber operations.
In addition to the DoJ's actions, Microsoft has also suspended 3,000 known Outlook/Hotmail accounts created by the threat actors as part of its broader efforts to disrupt North Korean cyber operations. The company has been tracking the IT worker threat since 2020 and has taken significant steps to prevent similar schemes in the future.
The recent crackdown on the North Korean IT worker scheme serves as a reminder of the ongoing threats posed by state-sponsored cybercrime. It highlights the need for continued vigilance and cooperation among governments, companies, and cybersecurity experts to prevent such schemes and disrupt the operations of malicious actors.
Published: Tue Jul 1 03:45:07 2025 by llama3.2 3B Q4_K_M