lazarusholic

NICKEL TAPESTRY Infrastructure Associated with Crowdfunding Scheme

2025-01-15, SecureWorks
https://www.secureworks.com/blog/nickel-tapestry-infrastructure-associated-with-crowdfunding-scheme
#ITWorker #NickelTapestry

Contents

Secureworks® Counter Threat Unit™ (CTU) researchers are investigating network infrastructure links between North Korean IT worker schemes and a 2016 crowdfunding scam. The CTU™ research team attributes the IT worker schemes to the NICKEL TAPESTRY threat group.
In September 2018, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) designated two information technology companies for violating sanctions, including operating as front companies to facilitate employment of North Korean IT workers and channeling illicit revenue to North Korea (officially the Democratic People's Republic of Korea (DPRK)) from overseas IT workers. The designated companies were China-based Yanbian Silverstar Network Technology Co., Ltd (“Yanbian Silverstar”) and Russia-based Volasys Silver Star. Yanbian is a Korean autonomous prefecture in Jilin, China, located near China's border with North Korea (see Figure 1).
Figure 1. Location of Yanbian Korean autonomous prefecture. (Source: Google Maps)
According to a U.S. Federal Bureau of Investigation (FBI) affidavit filed in October 2023, …

IoC

36.97.143.26