Not Simon 🐐

Country: Democratic People's Republic of Korea (DPRK) Objective: Corporate Espionage, Financial Gain (Page Last Updated: December 12, 2024) Organizations:

• 313 General Bureau of the Munitions Industry Department (MID)
• The Ministry of Atomic Energy Industry
• Ministry of Defense
• Korea People's Army
• DPRK Education Commission's Foreign Trade Office
• Pyongyang Information Technology Bureau of the Central Committee's Science and Education Department
• Pyongyang University of Automation (training)
• Technical Reconnaissance Bureau
  • subordinate cyber unit: 110th Research Center
• Chinyong Information Technology Cooperation Company (Chinyong)

Companies employing DPRK IT workers:

• Yanbian Silverstar Network Technology Co. Ltd.
• Volasys Silver Star

Identified North Korean IT workers:

1. Jong Song Hwa (정성화), CEO of both Yanbian Silverstar Network Technology Co. Ltd. and Volasys Silver Star
2. Kim Ryu Song (김류성), president of Yanbian Silverstar
3. Ri Kyong Sik (리경식), president of Volasys Silver Star
4. Rim Un Chol (림은철), senior manager
5. Kim Mu Rim (김무림), senior manager
6. Cho Chung Pom (조충범), mid-level manager
7. Hyon Chol Song (현철성), mid-level manager
8. Son Un Chol (손은철), mid-level manager
9. Sok Kwang Hyok (석광혁), mid-level manager
10. Choe Jong Yong (최정용), IT worker
11. Ko Chung Sok (고충석), IT worker
12. Kim Ye Won (김예원), IT worker
13. Jong Kyong Chol (정경철), IT worker
14. Jang Chol Myong (장철명), IT worker

Identified individuals assisting DPRK IT workers:

• Minh Phuong Vong
• Matthew Isaac Knoot
• Christina Marie Chapman
• Oleksandr Didenko
• Sim Hyon Sop (Sim)

Groups or Aliases:

• CL-STA-0237 (Unit 42)
• Nickel Tapestry (Secureworks)
• UNC5267 (Mandiant)

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

Unknown Date

• UK Office of Financial Sanctions Implementation HM Treasury: Advisory on North Korean IT Workers (PDF)
• Republic of Korea Ministry of Foreign Affairs: Advisory on the Democratic People's Republic of Korea Information Technology Workers
• Australian Government Department of Foreign Affairs and Trade: Advisory on Democratic People's Republic of Korea (DPRK) information technology (IT) workers

2024

• December 12, 2024:
  • U.S. Department of Justice: Fourteen North Korean Nationals Indicted for Carrying Out Multi-Year Fraudulent Information Technology Worker Scheme and Related Extortions
  • U.S. Department of State: Rewards for Justice – Reward Offer for Information on DPRK IT Companies, IT Workers, and Related Money Laundering
  • Rewards for Justice Program: Yanbian Silverstar and Volasys Silverstar
• November 22, 2024 – Microsoft Threat Intelligence: Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON
• November 21, 2024 – SentinelOne: DPRK IT Workers | A Network of Active Front Companies and Their Links to China
• November 14, 2024 – Unit 42: Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
• November 13, 2024 – Unit 42: Global Companies Are Unknowingly Paying North Koreans: Here's How to Catch Them
• November 01, 2024 – New York State Department of Financial Services: Re: Cybersecurity Advisory – Threats Posed by Remote Technology Workers with Ties to Democratic People's Republic of Korea
• October 24, 2024 – HYPR: HYPR Unmasks a Fake IT Worker: North Korea Isn't the Only Threat
• October 19, 2024 – KnowB34: North Korean IT Worker Threat: 10 Critical Updates to Your Hiring Process
• October 02, 2024 – CoinDesk: How North Korea Infiltrated the Crypto Industry
• October 01, 2024 – Bundesamt für Verfassungsschutz (Germany): Private Sector Security Advisory | 02/2024 | 1 October 2024 | Subject: North Korean IT Workers
• September 23, 2024 – Mandiant: Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
• August 19, 2024 – UK Government: Democratic People's Republic of Korea sanctions: guidance
• August 14, 2024 – Cinder: We found North Korean engineers in our application pile. Here's what our ex-CIA co founders did about it.
• August 08, 2024 – U.S. Department of Justice: Justice Department Disrupts North Korean Remote IT Worker Fraud Schemes Through Charges and Arrest of Nashville Facilitator
• July 23, 2024 – KnowBe4: How a North Korean Fake IT Worker Tried to Infiltrate Us
• May 16, 2024 – U.S. Department of Justice:
  • Justice Department Announces Arrest, Premises Search, and Seizures of Multiple Website Domains to Disrupt Illicit Revenue Generation Efforts of Democratic People's Republic of Korea
  • Charges and Seizures Brought in Fraud Scheme Aimed at Denying Revenue for Workers Associated with North Korea
  • Criminal Complaint Charges Two Men With Conspiracy To Commit Wire Fraud
• May 16, 2024 – U.S. Department of State:
  • Rewards for Justice – Reward Offer for Information on North Korean IT Workers
  • Rewards for Justice Program: North Korean Information Technology (IT) Workers
• May 16, 2024 – FBI: Democratic People's Republic of Korea Leverages U.S.-Based Individuals to Defraud U.S. Businesses and Generate Revenue
• April 22, 2024 – 38North: What We Learned Inside a North Korean Internet Server: How Well Do You Know Your Partners?
• February 21, 2024 – Mandiant: The North Korean IT Workers (podcast on Spotify)

2023

• December 11, 2023 – Nisos: Investigation: Probable DPRK Online Personas Used To Fraudulently Obtain Remote Employment at U.S. Companies
• October 18, 2023 – FBI: Additional Guidance on the Democratic People's Republic of Korea Information Technology Workers
• October 18, 2023 – U.S. Department of Justice: Justice Department Announces Court-Authorized Action to Disrupt Illicit Revenue Generation Efforts of Democratic People's Republic of Korea Information Technology Workers
• July 2023 – FBI: North Korean Tactics, Techniques, and Procedures for Revenue Generation (PDF)
• May 23, 2023 – U.S. Treasury: Treasury Targets DPRK Malicious Cyber and Illicit IT Worker Activities
• May 23, 2023 – U.S. Department of State: Joint U.S.-ROK Symposium on Countering DPRK Sanctions Evasion Involving DPRK IT Workers
• April 24, 2023 – U.S. Department of Justice: North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies

2022

• May 16, 2022 – U.S. Treasury:
  • Guidance on the Democratic People's Republic of Korea Information Technology Workers (PDF)
  • Fact Sheet: Guidance on the Democratic People's Republic of Korea Information Technology Workers (PDF)

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat