The FBI has confiscated several websites used by North Korean operatives to impersonate legitimate businesses in the US and India, potentially to fund the North Korean regime, as noted by cybersecurity firm SentinelOne. These actions were part of a coordinated law enforcement initiative involving a court warrant from the US District Court of Massachusetts. The websites bore messages in both English and Korean confirming their seizure.
SentinelOne traced these front companies back to organisations in China, revealing the challenge of detecting and dismantling such operations. Approximately half of North Korea’s missile programme is believed to be financed through cyberattacks and cryptocurrency theft, according to a White House official. The fraudulent firms mimicked the online presence of genuine US software and consulting companies, inviting clients to connect.
The FBI has previously warned that North Korea employs thousands of foreign IT workers to secretly raise funds, with investigations indicating that some operatives may have lied about their nationalities to infiltrate tech sectors. A recent legal case highlighted an Arizona woman charged with aiding foreign workers to defraud major US companies, which garnered $6.8 million in revenue that could enrich Pyongyang.
Experts suggest that these front operations are merely a small portion of a larger, more complex network designed to operate discreetly while remaining in plain sight, primarily linked to locations in northeast China.