The U.S. Department of Justice is cracking down on North Korean hacker cryptocurrency fraud networks, recovering over $15 million in funds.

The U.S. Department of Justice recently announced a series of significant law enforcement actions targeting North Korea's illegal fundraising activities, including five guilty pleas and over $15 million in civil forfeiture actions. These cases involve the North Korean government using remote information technology (IT) work and Virtual Money theft, violating international sanctions to fund its weapons development and other regime operations.

North Korean counterfeit remote IT workers infiltrate American companies

According to court documents released by the U.S. Department of Justice, accomplices from the United States and Ukraine assisted North Korean IT workers in obtaining remote positions at U.S. companies using false identities. The accomplices used their own, forged, or stolen identity information, and installed laptops provided by the companies in residences in the U.S., creating the illusion that the workers were “located in the U.S.” The entire fraud scheme affected over 136 U.S. companies, generating more than $2.2 million in illegal profits for the North Korean regime, and involved the theft of identity information from 18 U.S. citizens.

APT38 committed four virtual money thefts, recovering over 15 million dollars.

The well-known North Korean hacker group APT38 (Advanced Persistent Threat 38) launched a large-scale attack on four overseas Virtual Money platforms in 2023, stealing hundreds of millions of dollars in Virtual Money. The U.S. government has currently frozen and seized over $15 million in coin assets and has filed a civil forfeiture request, intending to eventually return the funds to their lawful owners.

The U.S. will “use all resources” to combat North Korea's illegal fundraising.

Several senior officials from the Department of Justice emphasized that this action is a key step in preventing North Korea from funding its weapons program through fraud and hacking activities. Assistant Secretary of National Security John A. Eisenberg stated, “We will spare no effort to protect the American people from North Korean harm.” Acting Assistant Attorney General Matthew R. Galeotti also emphasized that combating the flow of funds from hostile nations is a top priority for maintaining national and economic security.

Accomplices in the United States Exposed: Three Nationals Plead Guilty to Participating in Fraud

Three American nationals — Audricus Phagnasay (24), Jason Salazar (30), and Alexander Paul Travis (34) pleaded guilty in a Georgia court to conspiracy to commit telecommunications fraud. From 2019 to 2022, they provided their identities to North Korean IT workers, assisting them in passing corporate vetting processes. There were even accomplices conducting drug tests on their behalf, successfully deceiving companies for hiring qualifications. The entire fraud scheme generated over $1.28 million in salary income for North Korean workers.

It is particularly noteworthy that one of the parties involved, Travis, was an active-duty U.S. military member at the time, and he received over $51,000 in rewards from the fraud. The other two also received $3,450 and $4,500, respectively. The Department of Justice pointed out that most of the income ultimately flowed overseas to fund the North Korean regime.

Ukrainian accomplice pleads guilty: Selling American identity information to North Korean IT workers

Ukrainian national Oleksandr Didenko also pleaded guilty on November 10 in the U.S. District Court for the District of Columbia, admitting to selling the identity information of U.S. citizens to North Korean and other overseas IT workers, allowing them to impersonate identities to gain access to American companies. Didenko is expected to forfeit $1.4 million in illegal proceeds, including $570,000 in Virtual Money and cash assets. The offender will be extradited from Poland to the U.S. for trial in December 2024.

Supply fake identity IT workers to earn nearly 90,000 dollars

A U.S. citizen from Florida, Erick Ntekereze Prince, pleaded guilty on November 6 to conspiracy to commit wire fraud. He provided “certified” IT workers to American companies through his company Taggcar Inc., but these workers actually came from North Korea or other regions and used false identities. Prince profited over $89,000 from this scheme.

The above cases are all being investigated by FBI offices across the country, in cooperation with international partners such as authorities in Poland and the Netherlands for arrests and extraditions. Currently, the related accomplices include American Emanuel Ashtor (pending trial) and Mexican Pedro Ernesto Alonso de los Reyes (pending extradition), who are also undergoing judicial proceedings.

APT38 multiple attack exposures

The Ministry of Justice recently filed two civil forfeiture lawsuits against APT38 for the large amount of USDT stablecoins stolen in 2023. According to the lawsuit documents, APT38 is suspected of attacking virtual money platforms in four different countries, including Estonia, Panama, and Seychelles, with a total amount stolen exceeding 380 million dollars. Authorities continue to track and intercept hackers' activities of laundering money through virtual money mixing tools and exchanges.

The FBI urges all businesses to enhance identity verification and security protocols for remote workers and to remain vigilant. North Korean IT workers are infiltrating using fake emails, counterfeit websites, third-party payment platforms, and social media fake identities, threatening corporate data security and national interests.

This article discusses how the U.S. Department of Justice is cracking down on North Korean hacker cryptocurrency fraud networks, recovering over 15 million dollars in funds. It first appeared in Chain News ABMedia.