Current Cyber Threats

US Sanctions North Korean Firm, Nationals Behind IT Worker Schemes

Summary:
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed new sanctions on three North Korean individuals, Kim Se Un, Jo Kyong Hun, and Myong Chol Min, and the Korea Sobaeksu Trading Company for their roles in supporting the Democratic People’s Republic of Korea’s (DPRK) illicit IT worker schemes. These schemes involve deploying skilled North Korean tech workers into foreign companies, often in the United States, by using stolen or fake identities. The wages earned through these fraudulent positions are funneled back to the DPRK government to fund its nuclear weapons and ballistic missile programs.

Korea Sobaeksu Trading Company is described as a front for the DPRK’s Munitions Industry Department and is directly involved in dispatching IT workers abroad and procuring materials for sanctioned military programs. Kim Se Un was responsible for operating subordinate companies, recruiting overseas workers, and ensuring the flow of revenue. Jo Kyong Hun, a team leader at Sobaeksu, managed financial operations, including cryptocurrency transactions that helped conceal the regime’s income streams. Myong Chol Min played a role in sanctions evasion and revenue generation by attempting to import items like tobacco.


Security Officer Comments:
This action is part of a broader U.S. effort to dismantle North Korea’s financial networks. Earlier in the month, the U.S. disrupted domestic “laptop farm” operations and indicted 14 individuals tied to similar schemes. Additionally, OFAC sanctioned Song Kum Hyok, a suspected member of the North Korean hacking group Andariel. To further support disruption efforts, the U.S. State Department is offering up to $7 million in rewards for information leading to the arrest or conviction of these sanctioned individuals. These sanctions freeze assets under U.S. jurisdiction and prohibit any dealings with U.S. persons or businesses, aiming to increase financial pressure on the regime and its enablers.


Suggested Corrections:
The Federal Bureau of Investigation (FBI) published an update to previously shared guidance regarding Democratic People's Republic of Korea (North Korea) Information Technology (IT) workers to raise public awareness of the threat posed to U.S. businesses and recommends the following:


Scrutinize identity verification documents
Check for misspellings and cross-reference photographs and contact information (e.g., phone numbers, addresses, emails) with social media profiles, portfolio websites, and payment platforms.


Verify prior employment and education
Verify prior employment and higher education history directly with businesses and educational institutions.


Require in-person meetings
When possible, mandate in-person drug tests or fingerprinting to verify identity and claimed location. If you need to rely on virtual meetings:
  • Mandate video and request that their backgrounds be unobscured.
  • Have the individual point the camera out a window and ask questions about their claimed current location and the location listed on their identification documents.
  • Ask the individual to wave their hand in front of their face, as it may prompt a malfunction in AI-generated video.

Capture images of individuals
Capture images for comparison with future meetings. Sometimes an individual is employed to pass the initial interview, but the on-the-job work is completed by a different individual.


Analyze payment methods
Compare payment accounts of all employees, flagging those using similar documentation to establish accounts or with matching banking information. Monitor employees who change their bank accounts often, which can happen when banks close accounts of concern. Beware of agreements to pay employees using virtual currency, which enables funds to be transferred internationally without high levels of scrutiny.
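
The payment checks above can be run as a periodic report over payroll data. The following is an added example, not part of the FBI guidance or the original page; the record fields, thresholds, and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data: one record per payout-account set/change event.
# Field names ("employee", "method", "account", "changed") are assumptions.
PAYROLL = [
    {"employee": "E100", "method": "bank", "account": "021-000 1111", "changed": date(2024, 3, 1)},
    {"employee": "E200", "method": "bank", "account": "021-000 2222", "changed": date(2025, 3, 5)},
    {"employee": "E300", "method": "bank", "account": "021-0002222", "changed": date(2025, 4, 12)},
    {"employee": "E400", "method": "bank", "account": "021-000 3333", "changed": date(2025, 3, 1)},
    {"employee": "E400", "method": "bank", "account": "021-000 4444", "changed": date(2025, 5, 1)},
    {"employee": "E400", "method": "bank", "account": "021-000 5555", "changed": date(2025, 7, 1)},
    {"employee": "E500", "method": "crypto", "account": "wallet-placeholder", "changed": date(2025, 6, 1)},
]

def normalize(account):
    """Strip spaces/dashes and case so formatting differences do not hide a match."""
    return "".join(ch for ch in account.lower() if ch.isalnum())

def flag_payment_anomalies(records, today, max_changes=2, window_days=180):
    """Return {employee: [reasons]} for the three payment red flags in the guidance."""
    flags = defaultdict(set)
    owners = defaultdict(set)      # normalized bank account -> employees paid into it
    recent = defaultdict(int)      # employee -> account set/change events in window
    cutoff = today - timedelta(days=window_days)
    for r in records:
        emp = r["employee"]
        if r["method"] == "crypto":
            flags[emp].add("virtual_currency_payout")
        else:
            owners[normalize(r["account"])].add(emp)
        if r["changed"] >= cutoff:
            recent[emp] += 1
    for emps in owners.values():
        if len(emps) > 1:          # matching banking information across employees
            for emp in emps:
                flags[emp].add("shared_bank_account")
    for emp, count in recent.items():
        if count > max_changes:    # frequent account changes
            flags[emp].add("frequent_account_changes")
    return {emp: sorted(reasons) for emp, reasons in flags.items()}

if __name__ == "__main__":
    for emp, reasons in sorted(flag_payment_anomalies(PAYROLL, date(2025, 7, 31)).items()):
        print(emp, ", ".join(reasons))
```

A flag is a prompt for manual review by HR or finance, not proof of fraud; tune the thresholds to your own payroll cycle.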


Shipping work-related materials
If sending documents or work-related equipment such as a laptop, only send to the address listed in the employee's identification documents. If the employee requests delivery to a different address, require additional documentation to verify the address. Additionally, do not grant access to any systems until the background check is completed.


Contracted IT workers
If your company employs contracted IT workers who have been hired by a third-party company, seek to educate the third-party company about this guidance. Contract IT work is a common way that North Korean IT workers procure employment.


Link(s):
https://www.bleepingcomputer.com/ne...rean-firm-nationals-behind-it-worker-schemes/