The US government has seized over $7.74 million in illegal funds, allegedly siphoned off by illegitimate North Korean Information Technology (IT) workers for the benefit of the North Korean government. The US Department of Justice (DOJ) has filed a civil forfeiture complaint alleging that the IT workers secured employment in the US illegally, racking up millions of dollars in cryptocurrency and bypassing US sanctions placed against North Korea. According to the US Federal Bureau of Investigation (FBI), the use of North Korean IT workers to defraud the US is now taking place on a massive scale.
“The FBI’s investigation has revealed a massive campaign by North Korean IT workers to defraud U.S. businesses by obtaining employment using the stolen identities of American citizens, all so the North Korean government can evade U.S. sanctions and generate revenue for its authoritarian regime,” says FBI Assistant Director Roman Rozhavsky. Addressing US companies, Rozhavsky advises that “all companies that employ remote workers stay vigilant to this new and sophisticated threat.”
“This forfeiture action highlights, once again, the North Korean government’s exploitation of the cryptocurrency ecosystem to fund its illicit priorities,” says Matthew Galeotti, the head of the DOJ’s criminal division, commenting on the latest seizure of over $7.74 million in illegal funds.
According to the complaint, the North Korean IT workers were allegedly deployed in countries all over the globe, including China and the Russian Federation. They were able to bypass security and due diligence checks by allegedly using fraudulent identification documents, fooling unwitting employers into hiring them as remote employees. Employers would usually pay the IT workers in relatively stable cryptocurrencies, or stablecoins, such as USDC or USDT.
The illicit funds were then laundered through various means, such as “chainhopping” and “token swapping” – moving funds to other blockchains, and converting funds to other forms of virtual currency. The laundered funds would then allegedly be sent to North Korea, sometimes through North Korean national Sim Hyon Sop. Sim, a Foreign Trade Bank (FTB) representative, was previously indicted in 2023 for allegedly conspiring to launder stolen cryptocurrency through Hong Kong-based sham companies.
The Cybercrime to Missile Program Pipeline
The North Korean government is believed to be using the illegally obtained cryptocurrency to “generate revenue for its priorities” – primarily the funding of North Korean ballistic missiles and weapon production.
The North Korean government’s ongoing long-term strategy is to bankroll its missile programs with the illicit proceeds of cybercrime. In 2022, the US Department of the Treasury issued an advisory, warning the public about North Korea dispatching thousands of skilled IT workers to “generate revenue that contributes to its weapons of mass destruction (WMD) and ballistic missile programs, in violation of U.S. and UN sanctions.”
According to the advisory, a majority of North Korean IT workers work on behalf of entities that are directly involved with North Korea’s prohibited WMD and ballistic missile programs.