The U.S. Treasury Department has added a key player in North Korea's cyber espionage and crypto theft schemes to its blacklist, dealing a significant blow to the country's efforts to infiltrate the global financial system through legitimate-looking employment opportunities.
North Korean national Song Kum Hyok, an employee of a notorious hacking group, has been designated as a "Specially Designated National" by the Office of Foreign Assets Control (OFAC), which effectively blocks him from accessing the global financial system. The move is aimed at disrupting North Korea's efforts to use IT workers as a front for cyber espionage and cryptocurrency thefts.
The U.S. Treasury Department alleges that Song Kum Hyok worked to place other North Korean officials in various companies as IT workers, who would then send funds back to Pyongyang and find ways to exploit their host companies to generate additional revenue. This scheme has been particularly devastating to the crypto industry, where numerous major thefts have resulted from the efforts of North Korean hackers.
"The DPRK generates significant revenue through the deployment of IT workers who fraudulently gain employment with companies around the world, including in the technology and virtual currency industries," Tuesday's release said. This is a clear example of North Korea's use of cyber espionage as a means to generate revenue and launder illicit funds.
Last month, crypto investigator and analyst ZachXBT warned that multiple projects were being exploited because they had hired North Korean IT workers as developers. The U.S. Treasury Department has taken steps to address this issue, but it appears that more needs to be done to prevent these types of schemes from occurring in the future.
"DPRK IT workers often take on projects that involve virtual currency, and they use virtual currency exchanges and trading platforms to manage funds they receive for contract work as well as to launder and remit these funds to the DPRK," the U.S. Treasury Department said Tuesday. This highlights the need for increased vigilance and cooperation between governments and companies to prevent North Korean hackers from infiltrating legitimate operations.
Ari Redbord, global head of policy and government affairs at TRM Labs, notes that embedded IT workers "have served as on-ramps to both illicit revenue generation and eventual intrusion activity, particularly in the crypto space." He adds that this action fits into a broader pattern of Treasury's efforts to target North Korea's use of IT workers to funnel illicit proceeds back to Pyongyang.
"Song represents the operational layer behind those schemes: not the hacker, but the enabler. And that makes him just as important to disrupt," Redbord said. "Building out networks has been a huge focus for Treasury over the last few months and this is another example of going after facilitators."
The designation of Song Kum Hyok marks an important step in disrupting North Korea's cyber espionage and crypto theft schemes, but it also highlights the ongoing challenge of preventing these types of operations from occurring in the future. As the crypto industry continues to evolve and new vulnerabilities are discovered, it will be essential for companies and governments to work together to stay ahead of these threats.