North Korean engineers are using artificial intelligence and other technologies to fool foreign governments and corporations, landing overseas jobs and earning U.S. dollars to fund the regime of Kim Jong-un, the Asian Nikkei Review reported Thursday.
According to Nikkei, U.S. facilitators are aiding the Pyongyang regime in earning foreign currency to fund weapons programs. The newspaper referenced the case of Matthew Isaac Knoot, a 38-year-old man from Nashville, Tennessee, who ran a “laptop farm” with the intent to generate revenue for North Korea’s weapons program.
Knoot used the equipment and stolen identities to deceive American and British companies into hiring North Korean individuals pretending to be remote U.S. IT workers, laundering the proceeds from the remote IT jobs to accounts linked to both North Korean and Chinese actors. According to the Attorney’s Office for the Middle District of Tennessee, the “laptop farm” operation yielded revenues of over $250,000 for each false worker between July 2022 and August 2023.
American authorities reportedly dismantled Knoot’s operation in August. He stands charged with aggravated identity theft and conspiracy to cause the unlawful employment of aliens, facing a maximum penalty of 20 years in prison if found guilty.
The “laptop farm” in Tennessee is the latest in a growing list of similar cases of North Korean actors apparently infiltrating U.S. tech companies using forged or stolen identities in an effort to fund the North Korean regime or for potential cyberattacks or intrusions.
Google’s security subsidiary Mandiant published a report in September detailing the schemes of a North Korean hacker group known as “UNC5267” that dedicates itself to infiltrating U.S. tech companies. According to the report, the group, which does not operate as a “traditional, centralized threat group,” has been operating since at least 2018. Its members have been sent by Pyongyang to live in China, Russia and, in a smaller proportion, nations in Africa and Southeast Asia.
The group's members use stolen identities to apply for various remote job positions or are brought into the companies through a contractor. Some of the individuals work multiple jobs at once, resulting in multi-million-dollar revenues for the North Korean regime.
“We’ve weeded out over 50 candidates that were North Korean spies, to the point where I had to put certain controls in place in my hiring process,” Lili Infante, founder and CEO of CAT Labs, a Miami-based cybersecurity startup, told the Wall Street Journal in June.
Similarly, the cybersecurity firm KnowBe4 revealed in July that it had detected a North Korean spy posing as a remote software engineer on its own internal team. KnowBe4 explained on its website that it received the North Korean spy’s resume, conducted interviews, and performed various background checks, which the spy appears to have passed.
Upon being sent a workstation device, the North Korean spy immediately began to load malware onto the firm’s network. The spy was able to deceive the firm through the use of a stolen U.S.-based identity and by using artificial intelligence to digitally alter a stock photograph.
Since May, the U.S. has offered a $5 million bounty for any information that can lead to the disruption of North Korean financing networks, and for information on North Korean IT workers who have generated at least $6.8 million in revenue for North Korea through illicitly obtained remote jobs with U.S. companies using more than 60 stolen U.S. identities.
Christian K. Caruzo is a Venezuelan writer and documents life under socialism.