Uncovering the DPRK’s Remote IT Worker Fraud Scheme
Flashpoint Investigation: Uncovering the DPRK’s Remote IT Worker Fraud Scheme
In this post, we delve into Flashpoint’s investigation of a multi-million dollar North Korean remote IT worker fraud scheme, revealing their deceptive tactics through the analysis of compromised credentials and infostealer logs.
On December 12, 2024, the United States indicted fourteen North Korean nationals for using stolen identities to get remote IT jobs at US-based companies and nonprofits. Over the last six years, this scheme has generated at least $88 million USD for the North Korean government (DPRK). Since its discovery, Fortune 500 companies and organizations in the technology and cryptocurrency industries have been reporting even more secret DPRK agents siphoning funds, intellectual property, and information.
Leveraging Flashpoint’s expansive intelligence collection, our analysts conducted an investigation that uncovered the tactics and procedures used by North Korean threat actors in this scheme. How? By using information-stealing malware infections against them, uncovering key communications shedding light on their …