An Increasing Number of North Korean Spies Are Carrying Out Remote Work for U.S. Companies to Finance Their Nuclear Weapons

  • A recent case involving a U.S. computer farm brought these illicit operations to light.

  • These spies operate from China, using stolen identities to connect to the companies that employ them.

  • They access sensitive information to support North Korea’s nuclear weapons program.


U.S. authorities have uncovered a sophisticated North Korean espionage network that utilized computer farms to infiltrate U.S. companies, according to cybersecurity news site Bleeping Computer. This case highlights a concerning new trend in international cyber espionage.

Why this matters. North Korea is not only funding its nuclear weapons program but also stealing jobs and funds from ordinary American citizens.

Some context. The Department of Justice arrested Matthew Isaac Knoot, a 38-year-old Nashville resident, who is charged with assisting North Korean computer workers in obtaining remote jobs with U.S. companies.

Knoot reportedly operated a computer farm that enabled North Korean spies to impersonate U.S. citizens.

How it worked:

  1. Knoot allegedly received computers sent by victim companies to their supposed remote employees, all named “Andrew M.”
  2. He reportedly installed unauthorized remote desktop apps on the laptops.
  3. According to the authorities, the North Korean spies would remotely access them from China, appearing to connect to work from Nashville.
  4. Between July 2022 and August 2023, each spy supposedly generated more than $250,000 for the North Korean regime.

This isn’t an isolated case. Knoot is the second American to be arrested for operating such farms. In March, authorities arrested Christina Marie Chapman in Arizona for similar reasons. In her case, she raised $6.8 million for the North Korean regime, according to CNN. Bloomberg reported how that income funds North Korea’s nuclear weapons program.

Michael Barnhart, an analyst at cybersecurity company Mandiant, told Bleeping Computer that this practice is quite widespread among Fortune 500 companies, which are the largest U.S. companies by total revenue.

Some perspective. These cases highlight the potential dangers of remote work when companies don’t have proper security protocols in place when hiring employees.

Additionally, they point to the threat of North Korean spies pretending to be U.S. computer scientists, which the FBI has been warning about since 2023.

In detail. In July, cybersecurity company KnowBe4 acknowledged that it unintentionally hired one of these spies. Despite conducting a background check, the individual had assumed someone else’s identity. The company had four video calls with the spy, who had created an AI avatar that successfully bypassed its security measures.

KnowBe4 shared the photo the spy used, along with the original stock image it was based on, on its corporate blog. The spy had also used AI to alter the face in the picture.

Left: original stock photo. Right: AI modification made by the North Korean spy. | Image: KnowBe4

According to KnowBe4, the spy began installing malware aimed at stealing confidential information immediately after the company shipped a corporate Mac to him and granted him access to the platforms.

This article was written by Javier Lacort and originally published in Spanish on Xataka.

Image | Xataka using Midjourney
