North Korean IT Contractor Fraud

The United States Department of Justice has revealed details of the successful dismantling of a laptop farm that was generating revenue for illicit North Korean weapons programs. A US citizen, Matthew Knoot, was responsible for managing the laptop farm, which generated hundreds of thousands of dollars to fund North Korea’s illicit weapons program.

Knoot helped North Korean IT workers to get hired by US and British companies under false identities.

After hiring the fake employees to work remotely, the companies would send them laptops, allowing Knoot to install unauthorised remote access software so that North Korean IT workers could log on from locations in China while appearing to be working from locations in the US.

The US Justice Dept. indictment details a complex operation where Knoot allegedly used stolen identities to obtain remote work for North Korean nationals, who were pretending to be US citizens. These workers, based abroad, gained six-figure salaries which were laundered through international transfers to disguise their origins. 

Working with others, Knoot enabled these schemes through the use of unauthorised software installations on company-provided laptops. While the work was completed on US-based computers, Knoot and his co-conspirators earned a percentage of the salary, with the rest sent abroad. 

Knoot faces multiple charges, including conspiracy to damage protected computers and money laundering, carrying a maximum potential sentence of 20 years in prison if convicted.

North Korean-led remote working schemes have been a problem for both governments and the cyber security industry. Last month, security awareness training company KnowBe4 said that it had found and fired a newly hired software engineer on its internal IT team after the company realised it was actually a person controlled by a North Korean threat actor.

US Dept of Justice | Reuters | Williamson County Source | DL News | Cyberscoop | Inc | Cyber Daily
