Twin sites: how the DPRK manipulates the global IT market

Behind the façade of trust, there is a carefully planned scheme of deception.

The U.S. government has cracked down on four companies linked to North Korean IT workers that were masquerading as legitimate consulting firms. These companies used copies of the websites of well-known companies to hide their affiliation with the DPRK and attract customers. The identified firms acted to circumvent international sanctions and support the DPRK government's weapons production program.

According to a SentinelLabs study, these companies not only mimicked the website designs of American and Indian tech companies, but also actively used fake accounts to interact with customers. Among the identified companies are Independent Lab LLC, Shenyang Tonywang Technology LTD, Tony WKJ LLC and HopanaTech. All of them created the illusion of legitimacy by using professional descriptions and fake reviews.

The firms worked through hosting services, registered domains on popular platforms, and often used cryptocurrencies and shady banking systems to transfer money. This made it possible to hide the origin of funds and use them to finance the state programs of the DPRK.

In addition, SentinelLabs has established a connection between these firms and other companies already registered in China. One example is Shenyang Huguo Technology Ltd, which also copied the content of legitimate firms and continued to operate until law enforcement intervened.

The connection with China underscores the scale and complexity of the scheme. This approach allows the DPRK to manipulate global markets and secure its financing despite sanctions. Such schemes pose serious risks to companies, including data breaches, malware installations, and reputational damage.

The study identified key network nodes, including connections to individuals and other companies such as Beijing Xiwang Technology Company. It was found that the registration data overlapped with other firms managed by the same person, which reinforces suspicions that they belong to the DPRK scheme.

U.S. government agencies, including the Department of Justice and the FBI, have seized the domains of these companies. The seized sites now contain blocking warnings and links to documents explaining the criminal scheme.

Experts urge businesses to carefully check counterparties in order to avoid participation in such illegal transactions. Awareness and rigorous vetting procedures are key measures to counter such threats.
