Key Highlights
- The U.S. has charged five individuals for facilitating North Korean IT workers' infiltration of 136 companies.
- The Department of Justice is seeking forfeiture of $15 million in cryptocurrency linked to APT38 hacks.
- These actions are part of a broader U.S.-U.K. crackdown on Asian cyber-fraud networks.
The U.S. Department of Justice (DOJ) has announced new actions targeting how North Korea covertly raises money through stolen identities, remote tech work, and large-scale crypto theft. These schemes, officials state, directly help fund its sanctioned weapons programs.
Five individuals, comprising four Americans and one Ukrainian national, have pleaded guilty to assisting North Korean IT workers in posing as U.S.-based employees. They provided stolen or falsified identities, hosted company-issued laptops, and helped Democratic People’s Republic of Korea (DPRK) operatives bypass hiring checks.
According to the official announcement, the network infiltrated 136 U.S. companies and successfully transferred over $2.2 million back to the regime.
$15 Million Tied to APT38 Frozen
In a parallel action, the Justice Department filed two forfeiture complaints seeking the seizure of over $15 million in USDT. This cryptocurrency was seized from Advanced Persistent Threat 38 (APT38), a North Korean military hacking unit known for orchestrating some of the world's largest crypto exchange intrusions.
APT38 was responsible for stealing hundreds of millions of dollars from platforms located in Estonia, Panama, and the Seychelles in 2023. The stolen funds were subsequently laundered through mixers, bridges, and over-the-counter brokers. Authorities successfully intercepted a portion of this laundering flow, froze the assets, and are now pursuing their permanent forfeiture.
North Korea’s Remote IT Strategy
U.S. agencies have issued warnings for years regarding North Korean operatives who disguise themselves as freelance developers or remote workers to gain access to corporate networks. These operatives utilize stolen Social Security numbers, fake U.S. addresses, and proxy computers to create the illusion of domestic activity.
Investigators report that some DPRK IT workers earn hundreds of thousands of dollars annually, generating substantial revenue for the regime. The DOJ emphasizes that these infiltrations pose a significant threat to both national security and economic stability.
Global Efforts on Crypto-Related Crimes
The latest actions follow a rapid intensification of U.S. enforcement efforts targeting Asian cyber-fraud networks. This week, the government launched the Scam Center Strike Force, a new unit dedicated to combating Southeast Asian “pig-butchering” schemes that have resulted in billions of dollars in losses for Americans. Last month, the U.S. and the U.K. jointly sanctioned major crime syndicates operating in Cambodia and Laos that are linked to cryptocurrency laundering.
These combined efforts signify a notable shift in strategy: U.S. agencies are now focusing not only on individual hackers but also on the infrastructure and intermediaries that facilitate global crypto-enabled crime.
What Comes Next
The Justice Department has indicated that further arrests, seizures, and cross-border operations are anticipated. The Federal Bureau of Investigation (FBI) is strongly advising U.S. companies to enhance their vetting processes for remote tech workers and to remain vigilant for suspicious login attempts or data access patterns.
Assistant Attorney General John A. Eisenberg stated that the U.S. will employ “every available tool” to disrupt DPRK revenue streams. As North Korea increasingly relies on crypto theft and remote-work fraud to circumvent sanctions, officials believe these actions represent only the initial phase of a broader response.

