The US Treasury has approved two people and four entities involved in saying it is a North Korean-run IT worker ring that infiltrates crypto companies.
The Treasury Department’s Bureau of Foreign Assets Control (OFAC) said on Tuesday that North Korea-based Kum Hyok had authorized it for stealing information from US citizens to be used as an alias and giving it to hire foreign IT workers seeking employment in US companies.
OFAC also approved Russian citizen Gake Asatrian, who allegedly used his company to employ North Korean IT workers under a long-term agreement signed with North Korean trading companies in 2024.
The rise in fraudulent high-tech workers linked to North Korea, officially the Democratic Republic of Korea (DPRK) is expanding its penetration operations, and an April report from Google found that the scheme’s infrastructure is spreading around the world.
“The Treasury is committed to using all available tools to disrupt the Kim administration’s efforts to avoid sanctions through digital property theft, attempts to impersonate Americans and malicious cyberattacks.”
Thousands of IT workers targeting wealthy countries to fund missile programs
OFAC said North Korea aims to generate revenue from its ballistic missile program by deploying a workforce of thousands of highly skilled IT workers around the world.
According to OFAC, the workforce is primarily aimed at employers in wealthy countries, using a variety of mainstream and industry-specific networking platforms.
Sanctions mean that Asatrian, all US assets related to the song, and four named Russian entities have been frozen. It is also illegal for Americans to carry out financial transactions or engage in business transactions with them under the threat of civil or criminal penalties.
North Korea shifts away from hacking
North Korea is well-known for its famous hacks through teams such as the Lazarus Group, and is responsible for some of the biggest crypto hacks ever recorded, including the $1.5 billion Bit Exploit in February.
However, blockchain intelligence firm TRM Labs said Tuesday that it is beginning to change its tactics.
“While exchange violations are still important, businesses related to DPRK are increasingly changing to revenue generation based on deceptions, including infiltration of IT workers,” the company said.
TRM Labs estimates that $1.6 billion in the $2.1 billion stolen across 75 crypto hacks and exploits in the first half of 2025 are responsible for the poor actors lined up in North Korea.
The US cracks down on North Korean IT workers
US authorities have been increasingly cracking down on fraudulent North Korean IT workers schemes this year.
Related: North Korea targets crypto workers and targets malware that steals new information
On June 30, four North Korean citizens were charged with wire fraud and money laundering after pose as remote workers at US and Serbian blockchain companies.
Meanwhile, on June 5, the U.S. Department of Justice said it was trying to seize $7.74 million in frozen codes allegedly acquired by North Korean IT workers working for blockchain companies using fake IDs.
Magazine: North Korea’s Crypto Hackers Tap ChatGpt, Malaysia Road Money Sifoned: Asia Express
