Last week, the US Department of Justice filed a civil forfeiture complaint for $7.74 million in crypto laundered by North Korean IT workers who had fraudulently obtained employment with US and overseas businesses.
In connection with the April 2023 scheme, the US government indicted Sim Hyon Sop, a representative of North Korea’s Foreign Trade Bank, and seized the funds as part of an operation against North Korea’s scheme to evade sanctions.
According to the DOJ, North Korean IT workers used false or fraudulently acquired identities before laundering their income through Sim for the benefit of the Pyongyang regime.
The forfeiture complaint also details that IT workers were deployed in various locations around the world, including China, Russia and Laos.
By hiding their true identity and location, workers were able to secure employment with blockchain companies.USDC or Tether.
Sue J. Bai, DOJ’s National Security Director, said:
The Department of Justice also reports that the IT workers used several methods to launder some of the fraudulent income, including setting up exchange accounts using fictitious IDs, making multiple small transfers, converting one token to another, buying NFTs, and mixing funds.
On the surface, the money was sent to the North Korean government through Sim Hyon Sop and Kim Sang-Man, CEOs of a company operated under the North Korean Ministry of Defense.
The DOJ indicted Sim Hyon Sop on two separate charges in April 2023: first, conspiring with North Korean workers to earn income through fraudulent employment, and second, conspiring with OTC crypto traders to use fraudulently generated income to purchase North Korean goods.
The FBI Chicago Field Office and the FBI Virtual Assets Unit are investigating cases related to a forfeiture complaint filed by DOJ in the District of Columbia.
“An investigation by the FBI revealed a massive campaign by North Korean IT workers to defraud US businesses by using the North Korean government’s stolen identity to acquire jobs, allowing the North Korean government to avoid US sanctions due to its dictatorship and generate revenue.”
The exact scope of fraudulent North Korean IT work is not fully established, but most experts agree that the issue is growing in importance.
The growing threat from North Korea
“The threat posed by North Korean IT workers pretending to be legitimate remote employees is growing significantly,” explains Andrew Fierman, Head of National Security Intelligence at Chainalysis, speaking to Decrypt.
Fierman cites the DOJ’s December accusations against North Koreans as evidence that the threat is “industrialized and refined.”
“While it is difficult to pin down the exact percentage of North Korea’s fraudulent cyber revenues to fraudulent IT capabilities, it is clear from government assessments and cybersecurity research that this approach has evolved into a reliable revenue stream for the administration.”
Other security specialists agree that the threat of illicit North Korean IT workers is becoming more common, telling Decrypt that their tactics are more refined.
“These operatives are not just a threat, they are already actively embedded within the organization, and critical infrastructure and global supply chains have already been compromised,” he says.
Barnhart also reports that North Korean threat actors have begun establishing “front companies posing as trustworthy third parties,” or even embedding themselves in legitimate third parties that may not have the same strict protections as other large organizations.
Interestingly, Barnhart estimates that North Korea may generate hundreds of millions in revenue each year from fraudulent IT work, and that the recorded figures or totals are likely to be underestimates.
“The saying ‘I don’t know what you don’t know’ comes as new schemes are being discovered to make money every day,” he explains. “And more, much of the revenue is esoteric, as it appears to be a cybercrime gang element or a completely legitimate effort, disrupting the overall attribution.”
Also, while Thursday’s forfeiture complaint suggests that the US government is getting a better handle on North Korea’s activities, the latter’s increasing sophistication suggests that US and international authorities may still be playing catch-up for some time.
As Andrew Fierman puts it, “What is particularly concerning is how these workers can blend together. It’s a support system that leverages fake persona generation AI, helps them pass deepfake interview tools, and even technical screening.”
In April, Google’s Threat Intelligence Group revealed that North Korean actors have expanded beyond the US and are permeating cryptocurrency projects in the UK, Germany, Portugal and Serbia.
This includes developing the blockchain market, AI web apps, and development projects for Solana smart contracts, helping UK and US accomplices bypass ID checks and receive payments via TransferWise and Payoneer.
Edited by Stacy Elliott.