The recent charges brought by the US Department of Justice against four North Koreans for impersonating remote IT workers and exploiting companies to steal crypto highlight the ongoing threat posed by cyber criminals. Federal prosecutors have uncovered a sophisticated operation that could be linked to the DPRK’s strategy to fund its weapons program.
Operating as a cyber-enabled revenue generation network, the perpetrators used fake and stolen identities to land remote IT jobs and gain the trust of their employers. They then exploited that trust to steal and launder over $900,000 in crypto, as detailed in the DOJ announcement. The defendants have been charged with wire fraud and money laundering offenses in connection with the scheme.
“This indictment underscores the unique threat that North Korea poses to companies that hire remote IT workers and demonstrates our commitment to prosecuting any actor, whether in the United States or abroad, who steals from Georgia businesses,” said U.S. Attorney Theodore S. Hertzberg.
The case is being handled by the FBI as part of the DOJ’s DPRK RevGen plan, which targets illicit revenue generation rings linked to North Korea. The defendants initially operated as a team in the UAE before joining a Georgia-based blockchain firm and a Serbian crypto company as developers. They concealed their North Korean identities by providing false identification documents with stolen and fraudulent information.
In early 2022, the defendants used their positions to access crypto assets belonging to their employers and carried out two separate theft operations totaling $915,000. They manipulated the source code of smart contracts to facilitate the thefts.
This incident is part of a broader trend of escalating cyber attacks on crypto firms by North Korea. In recent months, DPRK spies have infiltrated US corporate systems to launch malware campaigns targeting crypto developers. They have used fake US firms and domains to lure developers into downloading malware through job interview scams.
Other sophisticated methods used by North Korean cyber criminals include leveraging Zoom meetings and hiding malware on GitHub. Threat actors are using fake business calls on Zoom to trick users into clicking on malicious links, leading to data and fund theft. Reports have also surfaced of North Korea targeting Indian crypto job applicants with malware to steal their data.
The dismantling of this North Korea-linked crypto theft scheme by the DOJ highlights the ongoing efforts to combat cyber crime and protect businesses from malicious actors. It serves as a reminder of the importance of vigilance and cybersecurity measures in the face of evolving threats in the digital landscape.

