- Fisker, the bankrupt electric vehicle manufacturer, became a victim of a North Korean IT scam
- The company employed the worker for almost a year before the FBI stepped in
- Money earned through fraudulent means was reportedly funneled into North Korea’s missile program, among other activities
In what could be mistaken for a plot from a spy thriller, Fisker’s recent mishap resembles anything but routine business. The automaker found itself entangled in a sophisticated cyber espionage scheme that led to the unintentional hiring of a person from North Korea as part of its tech team.
You might be wondering why a North Korean operative would target Fisker. Surely, with the unveiling of the new, high-end Madusan EV in Pyongyang earlier this year, they wouldn’t be after Fisker’s innovations. Spoiler alert: that wasn’t the case.
InsideEVs
As reported by the Danish outlet The Engineer, North Korean operatives were using Fisker as a pawn in a far-reaching money laundering operation. The surprising twist? According to the U.S. Justice Department, the funds that financed the bogus employee’s salary eventually supported North Korea’s ballistic missile efforts.
The saga began in October 2022 when Fisker hired Kou Thao, a remote IT employee who registered his address as an Arizona home. For Fisker, there were no red flags—contracting remote IT workers is common practice for global firms. However, unbeknownst to them, the real person at that address was Christina Chapman.
Court documents reveal that in 2020, Chapman was contacted on LinkedIn by a North Korean agent who recruited her to serve as a “U.S. face” for an organization aimed at securing job opportunities for overseas IT workers using what she would later describe as “borrowed identities.” Over time, the 19 agents exploited more than 60 stolen identities to land jobs at various corporations and staffing firms, using Chapman’s address as their own.
Christina Chapman’s residence, allegedly serving as the front for the North Korean laptop operation.
Following their hiring, laptops were sent to Chapman’s Arizona address under the false identities. She reportedly set up these devices in what was dubbed a “laptop farm,” allowing North Korean operatives to access the systems remotely from Russia and China. Their payments were routed to Chapman and then funneled back to North Korea to dodge sanctions imposed on the DPRK. It is believed that Chapman also assisted by creating, delivering, and signing forged documentation.
U.S. government agencies, including the FBI, caught wind of the organized scam and issued warnings and guidance to protect other firms and the public. When they discovered Fisker was a targeted victim, a local FBI office alerted the automaker. This prompt response led Fisker to investigate Thao, resulting in the termination of his employment in September 2023.
While Thao’s time with Fisker concluded there, the North Korean plot didn’t necessarily end there. When these impostors were let go, they often revealed their “ace card.”
These faux employees weren’t fully engaged in legitimate work (or at least not all the time). They exploited their access to internal systems to steal sensitive data before their termination, subsequently using this information to extort large ransoms from the company, often exceeding six figures.
Fisker is not the sole automaker affected by North Korea’s maneuvering. Another company, mentioned in a DOJ filing as an “iconic American automotive manufacturer based in Detroit,” had a North Korean spy contracted through a staffing service, receiving $214,596 in wages. However, the exact amounts earned by these spies at Fisker and the unnamed automaker remain unclear.
Initial complaints revealed that $6,323,417 was unlawfully earned between 2021 and 2023 across industries such as automotive, technology, cybersecurity, aerospace, media, retail, and food delivery. The DOJ reported that over 60 identities were exploited in this scheme. The total payouts exceeded $6.8 million and impacted more than 300 U.S. companies. These operatives even sought to infiltrate roles linked to the U.S. government, specifically within agencies like the Department of Homeland Security, Immigration and Customs Enforcement, and the General Services Administration.
Fisker CEO Henrik Fisker commented to The Engineer that he could not provide any information since the case is “with the FBI.” The company denied any knowledge of significant cybersecurity threats in its 2023 year-end report, despite being alerted that their IT team had employed a North Korean agent for over a year.
“In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition,” Fisker stated in its annual report submitted to the U.S. Securities and Exchange Commission.
Nonetheless, this threat seems not to have significantly hindered Fisker. The company appears to be grappling with more substantial issues, contributing to its current bankruptcy predicament. However, this situation should serve as a wake-up call for the automotive sector at large.
With vehicles increasingly connecting to larger networks, the need for secure infrastructure is more pressing than ever. The concept of the software-defined vehicle is currently a hot topic among manufacturers. This incident should reinforce the importance of building a secure environment for these connected cars from the very beginning, coupled with robust monitoring to detect and respond to contemporary threats. Today, a rogue IT employee might expose company secrets; tomorrow, you could be staring at a ransom demand staring back at you from your car’s infotainment display.
.
