Friday, January 17, 2025
A crowdfunded project from 2016 might have been a front for state-sponsored scammers linked to North Korea, according to new research.
The Indiegogo project, dubbed "Kratos," promised to deliver a wireless storage drive for laptops and smartphones. But years later, researchers at cybersecurity vendor SecureWorks have traced Kratos to an obscure company accused of employing North Korean operatives to pose as remote IT workers.
SecureWorks discovered the link based on the FBI’s investigations into North Korea’s attempts to orchestrate the remote IT worker scheme, which has involved two front companies, Yanbian Silverstar and Volasys Silverstar.
The FBI recently seized silverstarchina.com, a domain associated with the front companies. SecureWorks then noticed the domain was registered to an email address, jinmaolin0628@hotmail.com, and a street address in China, where Yanbian Silverstar is located.
The same email address and street address were also registered to several other domain names, including kratosmemory.com, which was listed as the website for the Kratos project on Indiegogo in 2016. The project ended up raising $21,877 from 193 backers.
"However, buyer comments indicate that the campaign was a scam and that the campaign backers never received a product or refund from the seller," SecureWorks wrote in its report.
The finding suggests the North Korean regime was experimenting with various ways to generate revenue before it doubled down on using North Koreans to pose as remote IT workers. “This 2016 campaign was a low-effort, small monetary-return endeavor compared to the more elaborate North Korean IT worker schemes active as of this publication,” SecureWorks said.
In contrast, federal investigators have accused one group of North Koreans of generating at least $88 million through the remote IT worker scheme. The income was then used to help fund the North Korean government, which faces numerous sanctions from the US.
By: DocMemory Copyright © 2023 CST, Inc. All Rights Reserved
|