Hackingblogs: In recent weeks, a disturbing cyber operation linked to North Korea has been uncovered, and it’s important for everyone, especially businesses and tech professionals, to be aware.
According to new findings, North Korean hackers, posing as employees of fake US-based tech companies, are stealing money and data. These so-called “DPRK IT Workers” are part of a larger network that has connections to China, and they use these fake companies to trick people and businesses into handing over valuable resources. This scheme highlights a growing threat in the digital world that could affect anyone, from small businesses to large corporations.
Let’s take a closer look at how this works and why it’s so dangerous. All credit for the findings goes to SentinelLabs; do check them out.
Who Are DPRK IT Workers?
People who work in the information technology industry in the Democratic People’s Republic of Korea (DPRK), commonly referred to as North Korea, are known as DPRK IT workers. They work on a variety of initiatives, such as cybersecurity, network administration, and software development. North Korean IT personnel frequently acquire specialised knowledge and abilities as a result of international sanctions and restricted access to worldwide IT resources.
In order to avoid restrictions and finance the dictatorship, North Korea maintains a global network of highly qualified IT professionals through fake firms and false identities. With faked credentials, these workers—who specialise in software, blockchain, and cryptocurrency—secure remote jobs all around the world. North Korea’s weapons programmes and laundering of cash are supported by fake firms in China, Russia, and other countries.
This presents significant concerns for firms, including legal troubles, harm to their reputation, and security dangers like malware or data theft. Employers must carefully screen remote workers to prevent becoming victims of these scams.
Let’s Have A Look At Some Case Studies
Is Independent Lab LLC a Reputable Company?
The domain inditechlab.com has been hosted by InterServer since May 2022, and the site itself has been live since February 2024. There are no visible indications of fraud or ties to North Korea, so at first glance it seems to be a genuine software outsourcing business.
However, the layout and content of the website are quite similar to those of Kitrum, a software company situated in the United States. Notably, Kitrum’s website no longer displays the “We Stand with Ukraine” link.
Even though the website appears to be professional, it is wise to exercise caution and confirm its credibility before doing business with the company.
Shenyang Tonywang Technology: Is It a Reputable Company?
“Shenyang Tonywang Technology” is the name of the website tonywangtech.com, which became live in November 2023. It was registered using NameCheap and shares hosting infrastructure (IP: 174.138.181[.]198) with other websites.
The website, which bills itself as a leading software consulting company with DevOps and cloud solutions, closely resembles the layout and content of Urolime, a reputable DevOps consultant with headquarters in the United States.
Even though it appears professional, use caution, because the plagiarised content casts doubt on the legitimacy of the website. Always verify before engaging.
Is Tony WKJ LLC IT Services a Legitimate Business?
Since May 2024, Tony WKJ LLC IT Services has operated the website wkjllc.com, which is hosted on InterServer (IP: 174.138.181[.]198). The domain was registered through NameCheap.
Tony WKJ LLC claims that it is a top software development firm with an emphasis on Rapid IT development. The website, however, is a near-exact duplicate of ArohaTech IT Services, a reputable Noida, India-based software and web development firm.
The cloned website raises questions about its validity: it substitutes “Tony WKJ LLC” for ArohaTech’s logo and modifies the text to make the company appear to be based in the US. Always verify before engaging with such websites.
Is HopanaTech a Legitimate Business?
First registered in November 2020, hopanatech.com started hosting with Asia Web Services Ltd in December 2020 (IP: 180.235.135[.]177). Since late 2021, it has been accessible to the general public. NameCheap was used to register the domain.
HopanaTech describes itself as a custom software development business, just like the ones before it. Although the information has been significantly changed from its original sources, it still makes use of marketing collateral and user reviews from reliable websites. In several instances, the original source—such as ITechArt, a legitimate software company—is revealed by the material that has not changed.
Before interacting with HopanaTech, it is advisable to confirm their legitimacy because of these indications of copied and modified information.
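The four case studies above follow the same two patterns: a handful of domains share registrar and hosting infrastructure, and the marketing copy is lifted from a real company with only the brand name swapped. The script below is an added example written for this post (it is not SentinelLabs’ tooling and not Hackingblogs’ code) showing how a vendor-vetting team could turn those two observations into automated checks. The domains, registrars, IPs and dates are transcribed from the case studies; the marketing text samples are constructed for the example and are not quotations from any real site. The functions `shared_infrastructure`, `clone_score` and `vetting_flags` are hypothetical names chosen here.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from difflib import SequenceMatcher


@dataclass(frozen=True)
class DomainRecord:
    domain: str
    registrar: str     # "not stated" where the write-up gives no value
    ip: str            # kept defanged, exactly as in the write-up
    first_seen: str    # YYYY-MM when the domain or site first appeared


# Transcribed from the case studies above; nothing here is new data.
RECORDS = [
    DomainRecord("inditechlab.com", "not stated", "not stated", "2022-05"),
    DomainRecord("tonywangtech.com", "NameCheap", "174.138.181[.]198", "2023-11"),
    DomainRecord("wkjllc.com", "NameCheap", "174.138.181[.]198", "2024-05"),
    DomainRecord("hopanatech.com", "NameCheap", "180.235.135[.]177", "2020-12"),
]

# Constructed sample copy (not quoted from any real site) mimicking the
# "swap the logo, keep the text" pattern described in the case studies.
REFERENCE_COPY = ("ArohaTech IT Services is a leading software development company "
                  "delivering rapid IT solutions for clients worldwide.")
CLONED_COPY = ("Tony WKJ LLC is a leading software development company "
               "delivering rapid IT solutions for clients across the US.")
UNRELATED_COPY = "We bake artisan sourdough bread and deliver fresh pastries every morning."
BRANDS = ("ArohaTech IT Services", "Tony WKJ LLC")


def shared_infrastructure(records):
    """Group domains by hosting IP; return only IPs used by more than one domain."""
    by_ip = defaultdict(list)
    for r in records:
        if r.ip != "not stated":
            by_ip[r.ip].append(r.domain)
    return {ip: sorted(doms) for ip, doms in by_ip.items() if len(doms) > 1}


def _normalise(text, brands):
    """Replace listed brand names with a fixed token, lower-case, strip punctuation."""
    for b in brands:
        text = re.sub(re.escape(b), "BRANDX", text, flags=re.IGNORECASE)
    text = re.sub(r"[^a-z0-9 ]+", " ", text.lower())
    return " ".join(text.split())


def clone_score(candidate, reference, brands=()):
    """Similarity of two marketing texts, raw and with brand names masked.

    A clone that only swapped the company name scores moderately raw but
    very high once names are masked; unrelated copy stays low either way.
    """
    raw = SequenceMatcher(None, _normalise(candidate, ()), _normalise(reference, ())).ratio()
    masked = SequenceMatcher(None, _normalise(candidate, brands),
                             _normalise(reference, brands)).ratio()
    return {"raw": round(raw, 3), "masked": round(masked, 3)}


def vetting_flags(record, records, candidate_text, reference_text, brands, threshold=0.85):
    """Reasons a reviewer should look harder at this domain before doing business."""
    flags = []
    peers = shared_infrastructure(records).get(record.ip, [])
    others = [d for d in peers if d != record.domain]
    if others:
        flags.append(f"shares hosting IP {record.ip} with {', '.join(others)}")
    score = clone_score(candidate_text, reference_text, brands)
    if score["masked"] >= threshold:
        flags.append(f"marketing copy {score['masked']:.0%} identical to reference "
                     f"after brand masking (raw {score['raw']:.0%})")
    return flags


if __name__ == "__main__":
    print("Shared hosting:", shared_infrastructure(RECORDS))
    for rec in RECORDS:
        print(rec.domain, vetting_flags(rec, RECORDS, CLONED_COPY, REFERENCE_COPY, BRANDS))
```

The masking step matters: a plain text-diff against the original site scores lower because the brand strings differ, which is exactly the edit a front company makes. Comparing after masking the names isolates the copied body text. In practice the reference copy would be fetched from the legitimate company you suspect was cloned, and the hosting data from WHOIS and passive-DNS records rather than hard-coded.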
FBI: Open The Door 🙂
Four firms, Independent Lab LLC, Shenyang Tonywang Technology, Tony WKJ LLC IT Services, and HopanaTech, had their domains seized by the US Government on October 10th after they were found to be fronts for North Korean cyber activities. The FBI and Homeland Security Investigations led the takedown.
With material that alternates between Korean and English, the websites now show a seizure notice along with links to the US Treasury’s 2022 fact sheet on DPRK’s IT workers.
Through the IT Worker scam, North Korea has demonstrated its capacity to exploit international markets for financial gain, especially by impersonating respectable software companies headquartered in the United States. The goals of these North Korean actors are to evade detection, get around sanctions, and win sensitive contracts. Their actions reveal a deliberate plan that uses the internet economy to finance government initiatives, such as weapons development.