The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has taken significant action against North Korean fraudulent IT worker schemes, imposing sanctions on three nationals and one company involved in these illicit operations.
Overview of Sanctions
The sanctioned entities include Korea Sobaeksu Trading Company and individuals Kim Se Un, Jo Kyong Hun, and Myong Chol Min. These individuals and the company are implicated in activities that generate illegal revenue for the North Korean government, primarily supporting its nuclear and missile development programs.
Mechanism of Fraudulent IT Operations
North Korea employs sophisticated schemes to infiltrate American companies with skilled IT workers using fabricated or stolen identities. The earnings from these employees are subsequently funneled back to the Democratic People’s Republic of Korea (DPRK), directly financing its military initiatives.
FBI Recommendations for Mitigating Risk
In light of these developments, the FBI has issued updated guidance for U.S. businesses on safeguarding against similar schemes. Organizations are urged to enhance their due diligence when hiring IT personnel, ensuring thorough background checks and verification processes to prevent infiltration by malicious actors.
Recent Actions Against North Korean Cyber Operations
The U.S. has a precedent of taking decisive measures against North Korean cyber activities. Recently, the disruption of “laptop farm” operations—where fraudulent IT services are delivered—occurred alongside indictments of 14 key individuals involved in these schemes.
Earlier this month, OFAC also sanctioned Song Kum Hyok, allegedly affiliated with the North Korean hacking group Andariel, which has been a significant player in facilitating IT worker programs.
The Key Players Behind the Schemes
The latest OFAC sanctions detail the roles of the following entities and individuals that contribute to financial facilitation, recruitment, and cryptocurrency operations to support the DPRK’s goals:
-
Korea Sobaeksu Trading Company: This front company operates under the Munitions Industry Department, assigning IT workers abroad and sourcing materials for nuclear and missile projects.
-
Kim Se Un: A representative of Sobaeksu, responsible for managing subordinate companies, recruiting North Korean IT professionals in regions like Vietnam, and supporting initiatives for revenue generation.
-
Jo Kyong Hun: An IT team leader within Sobaeksu, focusing on cryptocurrency management and financial services linked to DPRK’s technological programs.
- Myong Chol Min: As a trade representative, he plays a pivotal role in helping Sobaeksu circumvent sanctions, including attempts to import goods like tobacco for revenue.
Impact of the Sanctions
The implications of OFAC’s sanctions include the freezing of assets located within U.S. jurisdiction and prohibitions on transactions involving U.S. persons and businesses. This action not only disrupts the operational capability of these entities but also increases international pressure on North Korea.
Incentives for Reporting
In addition to sanctions, the U.S. Department of State has established a reward program offering up to $7 million for information leading to the arrest or conviction of the sanctioned individuals, highlighting the strategic approach to countering North Korean cyber threats.
By understanding and addressing these cybersecurity threats, organizations can fortify their defenses against the exploitation of technology by rogue states, ensuring a safe and secure operational environment in today’s ever-evolving digital landscape.