North Korean IT Workers
Country: Democratic People's Republic of Korea (DPRK) Objective: Corporate Espionage, Financial Gain (Page Last Updated: November 23, 2024) Organizations:
- 313 General Bureau of the Munitions Industry Department (MID)
- The Ministry of Atomic Energy Industry
- Ministry of Defense
- Korea People's Army
- DPRK Education Commission's Foreign Trade Office
- Pyongyang Information Technology Bureau of the Central Committee's Science and Education Department
- Pyongyang University of Automation (training)
- Technical Reconnaissance Bureau
- subordinate cyber unit: 110th Research Center
- Chinyong Information Technology Cooperation Company (Chinyong)
Companies employing DPRK IT workers:
- Yanbian Silverstar Network Technology Co. Ltd.
- Volasys Silver Star
Identified individuals assisting DPRK IT workers:
- Minh Phuong Vong
- Matthew Isaac Knoot
- Christina Marie Chapman
- Oleksandr Didenko
- Sim Hyon Sop (Sim)
Groups or Aliases:
- CL-STA-0237 (Unit 42)
- Nickel Tapestry (Secureworks)
- UNC5267 (Mandiant)
References
Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.
Links (Sorted in Chronological Order)
Unknown Date
- UK Office of Financial Sanctions Implementation HM Treasury: Advisory on North Korean IT Workers (PDF)
- Republic of Korea Ministry of Foreign Affairs: Advisory on the Democratic People's Republic of Korea Information Technology Workers
- Australian Government Department of Foreign Affairs and Trade: Advisory on Democratic People's Republic of Korea (DPRK) information technology (IT) workers
2024
- November 22, 2024 β Microsoft Threat Intelligence: Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON
- November 21, 2024 β SentinelOne: DPRK IT Workers | A Network of Active Front Companies and Their Links to China
- November 14, 2024 β Unit 42: Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
- November 13, 2024 β Unit 42: Global Companies Are Unknowingly Paying North Koreans: Here's How to Catch Them
- November 01, 2024 β New York State Department of Financial Services: Re: Cybersecurity Advisory β Threats Posed by Remote Technology Workers with Ties to Democratic People's Republic of Korea
- October 24, 2024 β HYPR: HYPR Unmasks a Fake IT Worker: North Korea Isn't the Only Threat
- October 19, 2024 β KnowB34: North Korean IT Worker Threat: 10 Critical Updates to Your Hiring Process
- October 02, 2024 β CoinDesk: How North Korea Infiltrated the Crypto Industry
- October 01, 2024 β Bundesamt fΓΌr Verfassungsschutz (Germany): Private Sector Security Advisory | 02/2024 | 1 October 2024 | Subject: North Korean IT Workers
- September 23, 2024 β Mandiant: Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
- August 19, 2024 β UK Government: Democratic People's Republic of Korea sanctions: guidance
- August 14, 2024 β Cinder: We found North Korean engineers in our application pile. Here's what our ex-CIA co founders did about it.
- August 08, 2024 β U.S. Department of Justice: Justice Department Disrupts North Korean Remote IT Worker Fraud Schemes Through Charges and Arrest of Nashville Facilitator
- July 23, 2024 β KnowBe4: How a North Korean Fake IT Worker Tried to Infiltrate Us
- May 16, 2024 β U.S. Department of Justice:
- Justice Department Announces Arrest, Premises Search, and Seizures of Multiple Website Domains to Disrupt Illicit Revenue Generation Efforts of Democratic People's Republic of Korea
- Charges and Seizures Brought in Fraud Scheme Aimed at Denying Revenue for Workers Associated with North Korea
- Criminal Complaint Charges Two Men With Conspiracy To Commit Wire Fraud
- May 16, 2024 β U.S. Department of State:
- May 16, 2024 β FBI: Democratic People's Republic of Korea Leverages U.S.-Based Individuals to Defraud U.S. Businesses and Generate Revenue
- April 22, 2024 β 38North: What We Learned Inside a North Korean Internet Server: How Well Do You Know Your Partners?
- February 21, 2024 β Mandiant: The North Korean IT Workers (podcast on Spotify)
2023
- December 11, 2023 β Nisos: Investigation: Probable DPRK Online Personas Used To Fraudulently Obtain Remote Employment at U.S. Companies
- October 18, 2023 β FBI: Additional Guidance on the Democratic People's Republic of Korea Information Technology Workers
- October 18, 2023 β U.S. Department of Justice: Justice Department Announces Court-Authorized Action to Disrupt Illicit Revenue Generation Efforts of Democratic People's Republic of Korea Information Technology Workers
- July 2023 β FBI: North Korean Tactics, Techniques, and Procedures for Revenue Generation (PDF)
- May 23, 2023 β U.S. Treasury: Treasury Targets DPRK Malicious Cyber and Illicit IT Worker Activities
- May 23, 2023 β U.S. Department of State: Joint U.S.-ROK Symposium on Countering DPRK Sanctions Evasion Involving DPRK IT Workers
- April 24, 2023 β U.S. Department of Justice: North Korean Foreign Trade Bank Representative Charged in Crypto Laundering Conspiracies
2022
- May 16, 2022 β U.S. Treasury:
Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat