The FBI has seized several websites that North Korean operatives used to impersonate legitimate U.S. and Indian businesses, according to a statement from the bureau and to cybersecurity researchers. The sites were part of a broader scheme to raise money for the North Korean regime, funds that likely help pay for its nuclear weapons program. The cybersecurity firm SentinelOne identified the sites and traced part of the operation to a wider set of front organizations, some of them based in northeastern China.
On Thursday, SentinelOne researchers said the FBI had seized four websites tied to these North Korean front companies. The sites now display seizure notices in both English and Korean, describing the takedown as part of a coordinated law enforcement action authorized by the U.S. District Court for the District of Massachusetts and aimed at North Korean activity that violates U.S. sanctions and threatens national security. Before the seizure, the front companies closely mimicked legitimate U.S. software and consulting firms and invited visitors to contact them for services. Fake companies of this kind generate illicit revenue, much of which is believed to fund North Korea's nuclear and missile programs.
The FBI declined to comment further on the seizure, but the notices posted on the seized sites pointed visitors to a 2022 warning from the bureau and other U.S. agencies about North Korea's use of overseas IT workers to generate funds. That same year, a CNN investigation showed how North Korean operatives, often posing as workers from other countries, targeted U.S. cryptocurrency and tech companies as part of a larger campaign to raise money for North Korea's military ambitions. One entrepreneur told CNN that his company had unknowingly sent tens of thousands of dollars to the North Korean government after being tricked into hiring a North Korean IT worker.
In some instances, people in the U.S. may have helped the operatives. In May, for example, federal prosecutors charged an Arizona woman who allegedly helped foreign IT workers pose as Americans to obtain jobs at U.S. companies. The scheme reportedly generated $6.8 million, money that may have indirectly benefited the North Korean regime.
Tom Hegel, principal threat researcher at SentinelOne, warned that the sites seized by the FBI are only a small part of a much larger operation. “These front companies and websites are just the tip of the iceberg,” Hegel said, describing an operation that is deeply entrenched and designed to hide in plain sight. Hegel and his colleague Dakota Cary traced some of the activity to an address in Liaoning, a Chinese province bordering North Korea. It is not the first time researchers have linked North Korean operations to northeastern China: in April, CNN reported on a North Korean computer server that held files believed to have been produced for U.S. animation studios, and the server's logs showed repeated visits from internet connections in northeastern China, raising further questions about Chinese involvement in North Korean cyber activity.
The Biden administration has struggled to counter North Korean cyber threats of this kind. As part of its effort to cut off the regime's funding, the U.S. has stepped up measures to identify and disrupt the fraudulent companies and cyber operations that let North Korea evade international sanctions. Cyberattacks and cryptocurrency theft have become key revenue sources for the regime; by some estimates, roughly half of North Korea's missile program is funded through such illicit activity.
The latest seizure underscores the continuing threat from North Korean cyber operatives, who have become adept at operating under the radar. Their tactics undermine international efforts to isolate North Korea and put U.S. companies at risk of unwittingly funding the regime, which is why investigators and researchers stress the need for sustained cooperation between governments and the cybersecurity industry.
As the FBI and other law enforcement agencies pursue the network, its scale and complexity are becoming clearer. Hegel and other researchers caution that dismantling it will take sustained effort, and that North Korea's use of cyber operations to fund its military remains a major challenge for global security, one that law enforcement is likely to pursue more aggressively in the coming years.