Overview

The US Treasury and Justice Departments are​ escalating efforts too disrupt illicit financial‌ activities linked to ⁤North Korea,specifically targeting‌ IT workers who pose ​as non-North Korean ⁢freelancers and the cybercrime group APT38.​ Recent actions include the seizure of over $15 million in cryptocurrency and allegations of forced labor within the North Korean IT workforce.

Deceptive Practices of ⁢DPRK IT Workers

According to ‌Treasury Department officials, ⁢North Korean IT workers frequently misrepresent their ⁢location and affiliation, presenting themselves as US-based ​or from other⁢ countries ⁢to secure ‌remote work contracts. They may also subcontract ‍work to non-North ‌Koreans to ⁣further conceal their identities. While their primary work is ‍typically standard IT services,these ⁤workers have leveraged their access ⁢to facilitate malicious cyber‌ intrusions ‍for the North Korean ‍government.Moreover,⁤ ther are concerns that these workers are subjected to forced labor conditions.

Notably, US government​ advisories detailing these​ programs have⁣ been removed from public access in 2023 and 2024 without explanation, raising questions about transparency and policy shifts.

APT38 Cryptocurrency ​Heists and Seizures

The Justice Department announced the seizure of more than $15 million in Tether (USDT), a stablecoin pegged‌ to the⁢ US dollar, from actors‌ associated with the APT38 hacking ‌group. The FBI seized the ⁤funds in March 2024, tracing them back⁢ to ⁢four separate heists carried out by APT38 in July and ‌November 2023.

• July 2023: Two heists targeting​ virtual currency payment processors in Estonia and Panama.
• November 2023: ⁣ Two thefts from cryptocurrency exchanges​ located in Panama and Seychelles.

The Justice Department is ⁢continuing⁣ its efforts to locate and forfeit all⁤ stolen assets, which ‍have ⁤been laundered thru a complex network of virtual ⁤currency bridges, mixers, exchanges, and over-the-counter ⁤traders. This highlights ⁤the ‌challenges of tracking and recovering funds in the cryptocurrency space.

Understanding APT38

APT38 (also known as Lazarus Group) is a North Korean state-sponsored hacking group ⁣linked ‍to numerous cyberattacks targeting financial institutions, cryptocurrency exchanges, and⁤ other organizations globally. They are known for their refined techniques ⁤and their ability to generate revenue for the North Korean regime. Mandiant provides detailed analysis of APT38’s tactics, techniques, and procedures (TTPs).