More than 40 countries impacted by North Korea IT worker scams, crypto thefts

The U.S. on Monday urged United Nation member states to take a tougher stance against North Korean efforts to skirt sanctions through its IT worker scheme and cryptocurrency heists.

Eleven countries led a session at the UN headquarters in New York centered around a 140-page report released last fall that covered North Korea’s extensive cyber-focused efforts to fund its nuclear and ballistic weapons program. 

The report links the North Korean IT worker scheme — where citizens of the country steal identities and secure employment at western companies — with Pyongyang’s billion-dollar crypto thefts.

Both efforts, alongside several other initiatives, are designed to bring in funding for North Korea’s regime, simplify weapons purchases and circumvent multiple UN security resolutions. 

The report said more than 40 countries have been impacted by either crypto heists — which surpassed $2 billion last year — or IT worker activities.

Jonathan Fritz, U.S. principal deputy assistant Secretary of State, told reporters ahead of the UN meeting that the goal of the report and UN session is to pressure countries that are helping North Korea with the schemes. 

“Too many countries are failing to implement UN sanctions designed to prevent exactly this sort of activity,” Fritz said. “ A North Korean IT worker can live in Laos, steal the identity of a Ukrainian online, and then use that identity to defraud a U.S. company into hiring them – often for remote jobs with salaries in the hundreds of thousands of dollars range. ”

U.S. officials levied heavy criticism against Russia and China for their role in protecting North Korea and providing safe havens for funding. At least 19 Chinese banks are used to launder stolen funds, according to the report, and North Korea regularly relies on Chinese infrastructure and financial institutions.

Chinese traders convert stolen cryptocurrency into fiat currency while North Korean facilitators live in the country and launder funds. 

The report also notes that several countries have allowed North Korea to use its stolen cryptocurrency to directly purchase weapons or fuel. The Multilateral Sanctions Monitoring Team report found armored vehicles, Russian petroleum and copper for munitions all purchases using cryptocurrency. 

The numbers

The countries named in the report include China, Russia, Cambodia, Laos, Equatorial Guinea, Guinea, Nigeria and Tanzania. Each has either been accused of hosting IT workers or has allowed North Korean officials to launder money through financial institutions. 

U.S. officials estimate that about 1,500 North Korean IT workers are based in China, and another 500 are spread across Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria and Tanzania. 

The U.S. said this scheme violates two specific UN Security Council Resolutions that prohibit member states from offering work visas to North Koreans and requires all member states to repatriate any North Koreans found earning income in their countries. 

Fritz noted that since the report was released in October, Argentina and Pakistan have taken steps to address issues outlined in the report. 

“I understand that Pakistan has actually apprehended an individual that the Multilateral Sanctions Monitoring Team report identified for her role in facilitating North Korean IT worker activities,” he said. 

The UN Session

The UN session featured speeches from several countries and testimony from private sector witnesses who spoke of their efforts to address the issue. 

A South Korean representative noted that since the report was released in October, a cryptocurrency company in their country had more than $30 million stolen. 

A spokesperson for freelance hiring platform Upwork said they dealt with one situation where a person showed up for work in person, looked like they were working but secretly had a North Korean conducting all of their tasks after hours. 

U.S. officials and the companies that testified had few answers for what tangible efforts countries could take to better protect crypto firms or help companies identify North Korean IT workers attempting to get hired 

When asked by Recorded Future News about metrics the U.S. is using for success and whether recent law enforcement actions and sanctions were having an effect, Fritz could not say if any efforts were having an impact. 

Private sector witnesses from Google and other tech firms suggested companies make the hiring process more stringent — with background checks and in-person interviews. But others also admitted that North Korea is rapidly integrating AI into its scheme, allowing workers to change their image, voice and even accent during interviews. 

North Korea’s Permanent Mission to the UN published a statement on the meeting, slamming the U.S. for discussing the issue while “withdrawing from UN organizations at random which it regards as unnecessary.” 

“What should be questioned and openly discussed in the UN as the most important pending issue is the hideous criminal act of the U.S. which wantonly violates the spirit of the UN Charter and other international laws and ruthlessly destroys the international order through the outrageous use of force,” North Korea’s government said. 

“The U.S. despises the existence of the UN itself and gives up its due duty as a member state of the UN. Its irrationality and malpractice of abusing the UN arena to satisfy its geopolitical self-interest should never be allowed.”