#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

IT Fraud | Breaking Cybersecurity News | The Hacker News

Category — IT Fraud
U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme

U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme

Jul 09, 2025 Malware / Cyber Crime
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of Jilin, enabled the fraudulent operation by using foreign-hired IT workers to seek remote employment with U.S. companies and planning to split income with them. Between 2022 and 2023, Song is alleged to have used the identities of U.S. people, including their names, addresses, and Social Security numbers, to craft aliases for the hired workers, who then used these personas to pose as U.S. nationals looking for remote jobs in the country. The development comes days after the U.S. Department of Justice (DoJ) announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one indi...
DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

Jan 24, 2025 IT Fraud / Cybercrime
The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People's Republic of Korea (DPRK) in violation of international sanctions. The action targets Jin Sung-Il (진성일), Pak Jin-Song (박진성), Pedro Ernesto Alonso De Los Reyes, Erick Ntekereze Prince, and Emanuel Ashtor. Alonso, who resides in Sweden, was arrested in the Netherlands on January 10, 2025, after a warrant was issued. All five defendants have been charged with conspiracy to cause damage to a protected computer, conspiracy to commit wire fraud and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification documents. Jin and Pak have also been charged with conspiracy to violate the International Emergency Economic Powers Act. If convicted, each of them faces a ...
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

Jan 17, 2025 Insider Threat / Cryptocurrency
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions. "These IT workers obfuscate their identities and locations to fraudulently obtain freelance employment contracts from clients around the world for IT projects, such as software and mobile application development," the Treasury Department said . "The DPRK government withholds up to 90% of the wages earned by these overseas workers, thereby generating annual revenues of hundreds of millions of dollars for the Kim regime's weapons programs to include weapons of mass destruction (WMD) and ballistic missile programs." The action represents the latest salvo in the U.S. g...
cyber security

10 Best Practices for Building a Resilient, Always-On Compliance Program

websiteXM CyberCyber Resilience / Compliance
Download XM Cyber's handbook to learn 10 essential best practices for creating a robust, always-on compliance program.
cyber security

Maximize the Security Tools You Already Have

websitePrelude SecuritySecurity Control Validation
Hone your EDR, identity, vuln, and email platforms against the threats that matter with a 14-day trial.
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains

North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains

Jan 15, 2025 Blockchain / Cryptocurrency
Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The IT worker fraud scheme , which came to light in late 2023, involves North Korean actors infiltrating companies in the West and other parts of the world by surreptitiously seeking employment under fake identities to generate revenue for the sanctions-hit nation. It's also tracked under the names Famous Chollima, Nickel Tapestry, UNC5267, and Wagemole. The IT personnel, per South Korea's Ministry of Foreign Affairs (MoFA), have been assessed to be part of the 313th General Bureau, an organization under the Munitions Industry Department of the Workers' Party of Korea. ...
Expert Insights Articles Videos
Cybersecurity Resources