The U.S. Treasury's OFAC sanctioned six individuals and two entities for operating a DPRK IT worker scheme that defrauds U.S. businesses and funnels illicit revenue into North Korea's WMD programs. The operation uses fake identities, AI-enabled persona fabrication, and VPNs such as Astrill to obtain and keep access to companies while evading detection, and turns to malware and extortion once inside. #JasperSleet #Amnokgang
Keypoints
- OFAC sanctioned six individuals and two entities tied to a DPRK IT worker fraud scheme funding WMD programs.
- The scheme relies on bogus documentation, stolen identities, fabricated personas, and recruited Western collaborators to obtain jobs and access.
- Operators use malware and extortion to steal proprietary data and demand ransoms or monetize stolen information.
- Threat actors leverage AI tools (including Faceswap and jailbroken LLMs) and VPN services like Astrill to fabricate identities and conceal locations.
- Investigations by Microsoft, LevelBlue, Flare, and IBM X-Force reveal a multi-tiered structure of recruiters, facilitators, IT workers, and collaborators enabling long-term intrusion.
Read More: https://thehackernews.com/2026/03/ofac-sanctions-dprk-it-worker-network.html