
Microsoft Takes Down North Korean Crypto Funding and Scam Network

While tech giants crack down, the notorious North Korean hackers stop at nothing in their experimentation with various fraudulent tactics.
Ephraim Emmanuel
Last updated: 4 July 2025 @ 17:51 UTC

Microsoft has shut down 3,000 Outlook and Hotmail accounts created by North Korean IT workers posing as freelancers. These operatives infiltrated hundreds of Fortune 500 companies, tricking them into hiring fake remote workers. The scheme was part of a global fraud to fund North Korea’s illicit activities. Microsoft’s decisive action aims to disrupt this sophisticated cyber operation.

Another North Korean Hack Scheme Foiled

Microsoft, in collaboration with the U.S. Justice Department and the FBI, foiled a North Korean IT worker scheme aimed at infiltrating U.S. companies to fund North Korea’s operations. The operation involved North Korean operatives using stolen or fake identities to secure remote IT jobs at over 100 U.S. firms, including Fortune 500 companies.

The North Korean operation aims to generate funds for the regime’s weapons programs, including nuclear development. By infiltrating companies, workers earned up to $300,000 annually, funneling millions to Pyongyang.

Microsoft’s Threat Intelligence team uncovered a repository containing AI-enhanced images, forged resumes, and fraudulent email accounts used by the operatives. The company has suspended approximately 3,000 Outlook and Hotmail accounts linked to these workers, thwarting their ability to operate undetected. 

Different Tactics at Different Times

Microsoft also teamed up with law enforcement to launch coordinated actions across 16 states, resulting in the seizure of 29 financial accounts, 21 websites, and 200 computers, as well as the dismantling of “laptop farms” used in the scheme, effectively disrupting North Korea’s illicit revenue generation.

As a result of the enforcement action, Zhenxing “Danny” Wang, a U.S. citizen from New Jersey, was apprehended for facilitating remote IT work for North Korean operatives. Additionally, indictments were issued against several Chinese and Taiwanese nationals, as well as four North Korean nationals, for their roles in the scheme involving wire fraud, money laundering, identity theft, and hacking.

This incident adds to the numerous schemes recently experimented with by North Korean hackers, who appear to stop at nothing in their nefarious activities. For example, back in April, the group set up two fake U.S. companies, Blocknovas LLC and Softglide LLC, to trick crypto developers into downloading malware. Posing as recruiters, the hackers used fake identities to launch attacks that exposed loopholes in the crypto industry.
