U.S. Government Imposes Restrictions on North Korean Individuals Involved in Information Technology Scams
North Korea has used remote IT worker scams as a significant method of revenue generation and sanctions evasion since late 2022. The scams are one part of a broader North Korean cyber and financial theft strategy.
North Korean IT workers pose as legitimate remote employees on freelance and tech platforms, often using fake identities, stolen IDs, sophisticated fake social media profiles, and VPNs to conceal their true locations. They secure roles such as blockchain developers and smart contract engineers, providing real work while funneling earnings back to North Korea, including converting payments through crypto channels.
Key aspects of this ongoing scheme include:
- North Korean IT workers have infiltrated hundreds of companies worldwide, including more than 300 US companies, by deploying a network of accomplices inside target countries who receive equipment like laptops and ship them overseas.
- A notable US case involved Christina Marie Chapman, who operated a "laptop farm" in Arizona, hosting at least 90 laptops for these covert North Korean workers, and who was sentenced to over 8 years in prison for aiding these schemes.
- These workers predominantly operate from China, Russia, Cambodia, Laos, and the UAE, where local companies sometimes assist in job placement and equipment provision, further enabling evasion of international sanctions.
- The workers often exploit freelance and remote work platforms such as Upwork and use remote access tools like AnyDesk to perform work while hiding their origins.
- North Korea channels some proceeds into cryptocurrency, linked to major crypto thefts and laundering operations. The US Treasury has sanctioned individuals and entities supporting these IT operations.
This method is not isolated. It is part of a broader North Korean cyber and financial theft strategy that also includes hacking cryptocurrency exchanges and financial institutions to evade sanctions and generate illicit revenue.
The FBI, the US Department of the Treasury, and the Justice Department have taken action against this ongoing scheme. On Wednesday, the FBI warned businesses to be on the lookout for North Korea's scams, and the Justice Department is charging Kim, Myong, and five other North Koreans for allegedly engaging in sanctions-evasion activities.
The State Department is offering up to $15 million in rewards for information leading to the arrest of any of the seven defendants, including Kim Se Un, Jo Kyong Hun, and Myong Chol Min, who are said to have worked closely together to facilitate these schemes. One defendant was arrested in the U.S. in June.
Sobaeksu, identified as a front for North Korea's Munitions Industry Department, which oversees the country's nuclear weapons program, is also under scrutiny. The U.S. Department of the Treasury has sanctioned Korea Sobaeksu Trading Co. in connection with these activities.
As these actions continue, it is crucial for businesses to remain vigilant and take necessary precautions to protect themselves from such scams.
- The cybersecurity implications of North Korea's remote IT worker scams are concerning, as these workers often use sophisticated technology like VPNs, fake social media profiles, and remote access tools, making it difficult to identify them.
- The politics surrounding this issue are complex, with the US Department of the Treasury sanctioning individuals and entities supporting these IT operations, and the State Department offering rewards for information leading to their arrest, in an attempt to curb North Korea's sanctions evasion and cyber theft.
- The general-news value of this ongoing scheme is significant, as it highlights the increasingly interconnected nature of cybersecurity, technology, and crime and justice, with North Korea leveraging cyber resources for financial gain and to evade international sanctions.