
North Korean cyber operative worked undercover at Fisker for a year, causing further troubles for the auto manufacturer.

Electric car manufacturer Fisker Inc., based in Manhattan Beach, inadvertently employed an IT worker who operated as a North Korean secret agent. This undercover operative channeled funds toward the country's ballistic missile development. A remote IT employee of Fisker, Kou Thao, was...

North Korean Cyber Spy's Employment at Fisker Unveiled: A Year-long Association


In a series of disturbing revelations, it has been exposed that North Korean spies have been infiltrating U.S. companies, particularly the automotive industry, through fake IT employment. This scheme, involving North Koreans posing as remote IT workers using false identities and resumes, has compromised even well-prepared cybersecurity professionals.

The electric carmaker, Fisker Inc., based in Manhattan Beach, unwittingly hired a North Korean spy named Kou Thao as a remote IT worker in October 2021. Although Fisker terminated Thao in September 2023 after being alerted to the scheme by the Justice Department, the financial fallout from Thao's espionage activities may have contributed to Fisker's bankruptcy filing in June 2024, nine months after Thao's dismissal.

The Department of Justice disclosed that fraudsters managed to place fake IT workers in over 300 American companies, including at least one American car manufacturer and several Fortune 500 companies based in Detroit—a city known as a hub for major automotive manufacturers. While the companies are unnamed, these reports imply that multiple automotive manufacturers were targeted as part of this expansive espionage and fraud campaign.

North Korean spies, often infiltrating through low-level positions, gain access not only to cash but also to valuable intellectual property. Security research from CrowdStrike confirmed a sharp rise in North Korean remote IT worker infiltrations—over 320 incidents in the past year—highlighting that these operatives not only stole data but also exploited AI tools to create convincing fake identities for employment, thereby increasing the risk and scale of the infiltration.

The FBI has issued warnings about North Korean spies not only in the automotive industry but also in the finance and crypto sectors. Recent intelligence suggests North Korean actors are specifically researching targets connected to cryptocurrency exchange-traded funds (ETFs), signaling a threat to companies involved with large cryptocurrency holdings. The FBI highlights North Korea as a persistent, highly capable threat to organizations in the cryptocurrency space, as North Korean cyber actors are running sophisticated, hard-to-detect social engineering campaigns targeting employees in decentralized finance (DeFi) and cryptocurrency sectors to deploy malware and steal digital assets.

It is important to note that this is not an isolated incident involving Fisker alone. Other major American automotive manufacturers, such as General Motors and Ford Motor Company (both based in Detroit), have also been targeted in this scheme. Thao, for instance, used a fraudulent Arizona address connected to another conspirator, Christina Chapman, to set up laptops for North Korean operatives to access networks in Russia and China. In April 2022, a contractor employed by a Detroit-based Fortune 500 automaker, identified only as "Frank C.", was involved in the conspiracy alongside Christina Chapman.

In light of these developments, it is crucial for companies to remain vigilant and strengthen their cybersecurity measures. The FBI encourages companies to be aware of the threat posed by North Korean actors and to implement robust security protocols to protect against such infiltrations. The CEO of Fisker, Henrik Fisker, did not comment on the matter due to the ongoing FBI investigation.


  1. The financial fallout from North Korean spies' infiltration of American businesses, such as the fraudulent employment of Kou Thao at Fisker Inc., can potentially lead to bankruptcy, as seen with Fisker's filing in June 2024.
  2. North Korean spies are not only targeting the automotive industry but also expanding their reach to other sectors like finance and crypto, with intelligence suggesting they are specifically researching targets connected to cryptocurrency exchange-traded funds (ETFs).
  3. Cybersecurity in general-news and crime-and-justice sectors is of significant importance, given the increasing use of technology in business and the threats posed by North Korean spies, who are adept at creating fake identities and evading detection.
