In a story that sounds more like a spy thriller than corporate reality, Fisker Inc. finds itself embroiled in a cyber espionage scandal that reveals vulnerabilities within the automotive industry. The automaker inadvertently hired a North Korean agent, Kou Thao, as part of an elaborate scheme that aimed to siphon funds for the regime’s ballistic missile program.
The saga began in October 2022 when Fisker, a company known for its ambitious electric vehicles, brought Thao on board as a remote IT worker. Sporting an Arizona address, he seemed to fit the mold for a global company hiring remote talent. However, unbeknownst to Fisker, the individual was merely a puppet in a broader plot orchestrated by North Korean operatives.
According to investigations by Danish publication The Engineer, Thao was one of several operatives who had their identities “borrowed” through a network established by a woman named Christina Chapman. Approached by a North Korean agent on LinkedIn in 2020, Chapman was convinced to act as the U.S. face of a scheme that allowed North Korean agents to gain employment under false pretenses. In total, 19 operatives utilized over 60 stolen identities, with Chapman’s address serving as the central hub for operations.
North Korean Cyber Scheme Exposed: U.S. Companies Face Ransom Demands and Data Breaches
Once hired, laptops were shipped to Chapman’s residence, creating a makeshift “laptop farm” that North Korean agents accessed remotely from locations in Russia and China. The agents received salaries through this arrangement, with the funds eventually routed back to North Korea, thus evading sanctions imposed on the country.
The FBI and other U.S. government agencies caught wind of the scheme and began issuing warnings to safeguard companies against such threats. Upon learning that Fisker was involved, the FBI alerted the automaker, prompting an internal investigation that led to Thao’s termination in September 2023. However, the ramifications extended beyond just one employee.
As it turned out, many of these faux employees were not actively contributing to their companies; instead, they exploited their access to exfiltrate sensitive data before being let go. This led to demands for ransom payments, often exceeding six figures, as the operatives threatened to expose confidential information.
Fisker is not alone in this predicament. Another unidentified “Fortune 500 iconic American automotive manufacturer” in Detroit was also implicated, with a North Korean operative allegedly earning $214,596 through a staffing agency. Preliminary findings by the Department of Justice (DOJ) revealed that over 300 U.S. companies across various sectors were affected, resulting in ill-gotten wages amounting to over $6.8 million from 2021 to 2023.
Automaker’s Security Breach Exposes Growing Cyber Threats in Software-Defined Vehicles
Fisker CEO Henrik Fisker declined to comment on the specifics of the case, citing its ongoing investigation with the FBI. In its year-end report, the company denied any material cybersecurity threats in 2023, despite being alerted to the presence of a North Korean operative within its IT team for more than a year.
“As of 2023, we did not identify any cybersecurity threats that have materially affected our business strategy,” Fisker stated in its report to the U.S. Securities and Exchange Commission.
This incident serves as a stark reminder of the interconnected nature of modern automotive technology, where software-defined vehicles are increasingly prevalent. It highlights the urgent need for automakers to build secure environments from the ground up. As companies navigate the evolving landscape of cybersecurity threats, vigilance and proactive measures are critical to protecting sensitive information and ensuring the integrity of their operations.
As the automotive industry moves forward, it is clear that today’s rogue IT worker could evolve into tomorrow’s security breach, affecting not just company secrets but also the very safety of connected vehicles.
