The U.S. Treasury has uncovered a sophisticated fraud network used by North Korea to target American companies with hackers disguised as legitimate job applicants. These “remote IT workers” not only seek employment but also engage in data theft and ransom demands once inside the companies.
Sanctions and Profits
The Treasury’s latest move targets individuals like Vitaliy Sergeyevich Andreyev, a Russian national involved in facilitating payments to a company called Chinyong. This company, along with others like Shenyang Geumpungri and Sinjin, employs fraudulent IT workers on behalf of the North Korean government. The scheme has generated profits of at least $1 million for the regime, aiding in funding its illicit activities, including the nuclear weapons program.
Escaping Detection
Despite increased awareness, North Korean hackers are becoming more adept at securing jobs in U.S. and Western companies using fake identities and documents. Security experts warn that these infiltrations pose a significant threat, with hundreds of American companies already compromised by these tactics.
Implications for Companies
The Treasury’s sanctions now hold U.S. companies accountable for ensuring they do not unwittingly hire North Koreans or other sanctioned individuals. Any business conducting transactions with the entities listed by the Treasury could face legal repercussions, emphasizing the need for heightened vigilance in the hiring process.
