Nashville resident accused of assisting North Korea

Recently, the U.S. Department of Justice indicted a Nashville resident, Matthew Isaac Knuth, for his involvement in a scheme orchestrated by North Korea to illegally obtain remote work in the IT sector. Knuth's activities have allowed North Korean operators to impersonate U.S. citizens and work for U.S. and British companies.

According to the indictment, Knuth, 38, played a key role in a decades-long conspiracy that allowed North Korean IT professionals to get remote jobs while pretending to be U.S. residents. These workers, who were primarily based in China, gained access to company systems using stolen American identities.

Knuth facilitated this deceptive scheme by placing laptops provided by companies at his home in Nashville. He installed unauthorized remote access software on them, which allowed operators to operate from overseas, making it appear that they were in the United States.

An investigation by the Department of Justice found that Knuth's laptop farm operated from July 2022 to August 2023. During this period, North Korean IT workers earned more than $250,000 each. These funds were transferred to accounts associated with North Korean and Chinese agents.

The proceeds obtained in this way directly contributed to the financing of North Korea's banned weapons of mass destruction programs. Knuth's actions caused more than $500,000 in damage to companies, mainly due to the cost of auditing and restoring systems.

Assistant Attorney General Matthew G. Olsen highlighted the significant national security threats posed by the scheme and warned U.S. companies of the growing danger posed by North Korea. He also recalled the need to strengthen precautions when hiring employees. These accusations follow the launch in March of this year of the "DPRK RevGen: Domestic Enabler Initiative," aimed at identifying and dismantling operations like Knuth's "laptop farm".

Knuth faces numerous charges, including conspiracy to damage protected computers, money laundering, wire fraud, and identity theft. If convicted, he faces up to 20 years in prison, with a mandatory minimum of two years for identity theft.

The case is part of a broader pattern of cybercrimes carried out by North Korea against U.S. companies. Last month, cybersecurity company KnowBe4 thwarted an attempt by a North Korean hacker to break into its IT systems. The hacker posed as a software engineer and successfully passed all stages of the vetting process, including video interviews and background checks.

The scam was discovered when KnowBe4's Security Center identified suspicious activity at the workplace of a new employee who had received equipment at an address associated with a network of "laptop farms" similar to the one run by Knuth.

The increasing sophistication of North Korean cybercriminal operations, as demonstrated in both the Knuth case and the KnowBe4 incident, underscores the need for increased security measures in U.S. companies. This includes conducting more thorough background checks, confirming the physical location of remote employees, and closely monitoring inconsistencies in delivery addresses and places of residence.

• Source: https://www.justice.gov/usao-mdtn/p...e-it-worker-fraud-schemes-through-charges-and

*****

Former CIA agents explain how North Korea found sources of income in the West

The American technology company Cinder faced an unusual problem: its database of job candidates included North Korean engineers who are presumed to be working in the interests of the DPRK government.

Cases like this are becoming more common among U.S. companies that hire employees to work remotely. North Korean engineers based, for example, in China are trying to get remote positions in American companies in order to earn money for the DPRK by working under false names.

Cinder notes that North Korea has long sent its citizens abroad to earn funds, which then go to the state treasury. Such workers are required to meet wage quotas, a large part of which is at the disposal of the government. To prevent escapes, the families of employees remain in North Korea as "hostages."

The situation has escalated since the COVID-19 pandemic, with a surge in remote job openings, especially in the tech industry. Many engineers from the DPRK are attracted by high salaries in the United States, which can be several times higher than their monthly quotas. Former North Korean businessman Hyun-Seung Lee said that the quota for an IT worker from the DPRK working in China is about $6,000 per month, and many companies in the United States can easily cover this amount.

Cinder, whose founders are former CIA officers, was able to quickly recognize and neutralize the threat. Cinder executives have previously worked on cybersecurity and human rights issues in North Korea, which helped them quickly identify suspicious candidates.

One of the founders of Cinder noted that working for the CIA helped the company recognize the working methods of North Korean specialists. Candidates suspected of working for the DPRK often had no online presence outside of corporate networks, used newly created profiles and altered (or AI-generated) photos, and were poorly versed in the technology and locations they indicated on their resumes. In addition, such candidates showed a strong reluctance to travel and adhered to pre-prepared answers to questions.

Cinder began to screen candidates more thoroughly, using additional techniques to analyze their work history, social media profiles, and interview behavior. Despite this, sometimes suspicious candidates still reached the interview stage, where their deceptions were revealed in the process of communication. In one such case, the candidate, having learned that Cinder's clients were investigating state espionage, instantly ended the Zoom call and did not get in touch again.

Currently, Cinder continues to receive applications from North Korean engineers and actively shares information with partners in the security and recruiting industries. Companies recommend carefully vetting candidates, especially those who insist on working fully remotely, to avoid unwanted collaborations.

Recall that in early August, 38-year-old Matthew Isaac Knuth was arrested in the United States on charges of helping North Korean IT specialists get remote work in American companies. The arrested man created conditions for specialists from North Korea, using fake data, to pass themselves off as U.S. citizens. Knuth set up a so-called "laptop farm": he received computers sent in the name of a fictitious citizen, installed remote access software on the laptops, and allowed North Korean hackers to operate from China, creating the illusion of a presence in the United States.

• Source: https://www.cinder.co/blog-posts/north-korean-engineers-in-our-application-pile
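
The first article recommends watching for inconsistencies between delivery addresses and places of residence, and describes unauthorized remote access software on company laptops. The following is an added example, not taken from either source or from any company named above, of how a security team might screen onboarding records for those signals. The record layout, field names, tool names and addresses are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: HR onboarding joined with endpoint software inventory.
ONBOARDING = [
    {"emp": "E100", "residence": "12 Oak St, Anytown, TX",
     "ship_to": "12 Oak St, Anytown, TX", "remote_tools": []},
    {"emp": "E101", "residence": "9 Pine Ave, Sampleville, CO",
     "ship_to": "77 Elm Rd, Exampleton, TN", "remote_tools": ["remote-desktop-x"]},
    {"emp": "E102", "residence": "4 Lake Dr, Testburg, FL",
     "ship_to": "77 elm rd., exampleton tn", "remote_tools": []},
    {"emp": "E103", "residence": "31 Hill Ct, Mockton, ID",
     "ship_to": "31 Hill Ct, Mockton, ID", "remote_tools": ["approved-helpdesk"]},
]
# Hypothetical allow-list of remote access tools that IT itself deploys.
APPROVED_REMOTE_TOOLS = {"approved-helpdesk"}

def normalize(addr):
    """Lowercase and drop punctuation so trivially different spellings compare equal."""
    cleaned = "".join(c if c.isalnum() else " " for c in addr.lower())
    return " ".join(cleaned.split())

def flag_hires(records, approved=APPROVED_REMOTE_TOOLS):
    """Return {employee: [reasons]} for records that merit manual review."""
    by_ship = defaultdict(set)
    for r in records:
        by_ship[normalize(r["ship_to"])].add(r["emp"])
    findings = {}
    for r in records:
        reasons = []
        ship = normalize(r["ship_to"])
        if ship != normalize(r["residence"]):
            reasons.append("ship_to_differs_from_residence")
        # Several hires' laptops going to one address is the "laptop farm" pattern.
        if len(by_ship[ship]) > 1:
            reasons.append("ship_to_shared_by_multiple_hires")
        unapproved = sorted(set(r["remote_tools"]) - approved)
        if unapproved:
            reasons.append("unapproved_remote_access:" + ",".join(unapproved))
        if reasons:
            findings[r["emp"]] = reasons
    return findings

if __name__ == "__main__":
    for emp, reasons in flag_hires(ONBOARDING).items():
        print(emp, reasons)
```

These flags are prompts for manual review, since legitimate hires can also share an address or ship to a temporary one.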