- Google Gemini will let you schedule recurring tasks now, like ChatGPT - here's how
- iOS 26 isn't just about a rebrand and Solarium - here's what else is coming
- Energy Management in the AI Era: Cisco's Digital Transformation Advantage
- Hong Kong’s massive pension project grapples with technical glitches
- Foundation-sec-8b-reasoning: World's First Security Reasoning Model
US Tries to Claw Back $7m Taken by North Korean IT Workers
The Department of Justice (DoJ) has filed a civil forfeiture complaint alleging that North Korean IT workers illegally gained employment with US companies, amassing millions for their government in violation of sanctions.
The $7.7m in funds were originally seized by the government in 2023 in a case involving Sim Hyon Sop – a staffer at the North Korean Foreign Trade Bank (FTB) who allegedly conspired with the IT workers in a bid to launder the money for Pyongyang.
The complaint alleges that the North Korean IT workers illegally bypassed security and due diligence checks using fraudulent identity documents and techniques designed to hide their true location and identity. Salaries were apparently often paid in stablecoins, such as USDC and USDT.
To launder said funds, the employees set up accounts with fake identities, moved funds in a series of small amounts, transferred them to other blockchains (chain hopping) and/or converted them into other digital currencies (token swapping).
Read more on fake IT workers: North Korea Escalates Fake IT Worker Schemes to Extort Employers.
They also purchased non-fungible tokens (NFTs) as a store of value, used US-based accounts to legitimize their activity and “commingled” fraud proceeds to hide their origins.
Sim allegedly worked with Kim Sang Man, CEO of the “Jinyong IT Cooperation Company,” who acted as an intermediary between the IT workers and the FTB.
“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade US sanctions and bankroll its weapons programs,” said Sue Bai, head of the Justice Department’s National Security Division.
“Today’s multimillion-dollar forfeiture action reflects the Department’s strategic focus on disrupting these illicit revenue schemes. We will continue to use every legal tool available to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda.”
North Korean IT workers have been tricking their way into employment at Western firms for several years. However, the sophistication of these efforts came to light last year when security awareness specialist KnowBe4 revealed that even its staff had been duped into hiring an IT specialist from the hermit nation.
Since then, Google has warned that although US firms remain a key target, the scheme has shifted focus to European companies. While some perform normal duties in order to receive remuneration, there is also a risk that their privileged account access enables the workers to steal sensitive information and/or hold it to ransom.
