{"id":36021,"date":"2025-07-09T17:31:32","date_gmt":"2025-07-09T17:31:32","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=36021"},"modified":"2025-07-09T17:31:32","modified_gmt":"2025-07-09T17:31:32","slug":"crypto-heist-crew-exposed-us-sanctions-north-koreas-shadow-coders","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=36021","title":{"rendered":"Crypto Heist Crew Exposed: US Sanctions North Korea\u2019s Shadow Coders"},"content":{"rendered":"
\n

US Treasury officials announced sanctions<\/a> this week aimed at shutting down a North Korea\u2011backed IT worker network that targeted crypto firms and other tech companies. Two individuals and four entities are now cut off from the US financial system.<\/p>\n

According to Treasury Deputy Secretary Michael Faulkender, these steps are meant to stop the misuse of stolen identities and crypto<\/a> theft that funds North Korea\u2019s missile programs. It\u2019s a sharp pivot from giant hacks to undercover operations.<\/p>\n

Stealth Operations Uncovered<\/h2>\n

Based on reports from the Office of Foreign Assets Control<\/a> (OFAC), the sanctions hit Song Kum Hyok, a North Korea\u2011based operator accused of stealing US citizens\u2019 data to create fake identities.<\/p>\n

\n

Today, the Treasury\u2019s Office of Foreign Assets Control is taking action to stop individuals and entities that are enabling the Democratic People\u2019s Republic of Korea (DPRK) IT worker schemes.<\/p>\n

The DPRK generates significant revenue for its WMD and ballistic missile programs by\u2026<\/p>\n

\u2014 Treasury Department (@USTreasury) July 8, 2025<\/a><\/p>\n<\/blockquote>\n

The operator then funneled those aliases to hired IT workers who applied to US firms. The other target is Gayk Asatryan, a Russian national who signed long\u2011term deals in 2024 with North Korean trading firms to employ dozens of North Korean developers<\/a> in his companies.<\/p>\n

All US assets tied to them\u2014and to the four Russian entities named\u2014are now frozen. That means Americans can\u2019t make payments or open accounts linked to those sanctioned parties without risking civil or criminal penalties.<\/p>\n

\n

\"\ud83d\udea8\" This afternoon the @USTreasury<\/a> sanctioned a key North Korean cyber actor for running an IT worker scheme using fake US IDs to funnel funds to the DPRK. For more check out our blogpost here: https:\/\/t.co\/MJ5a0jaoDL<\/a> pic.twitter.com\/i7fbe9STp5<\/a><\/p>\n

\u2014 TRM Labs (@trmlabs) July 8, 2025<\/a><\/p>\n<\/blockquote>\n

Hidden Workforce And Crypto Funding<\/h2>\n

North Korea\u2019s IT workforce now numbers in the thousands. Most are based in China and Russia, but they apply for jobs at firms in wealthier countries via mainstream and niche recruiting sites.<\/p>\n

According to OFAC, the aim is to raise cash for ballistic missile work by embedding skilled coders inside target firms. It\u2019s a model that spreads risk and makes detection harder than a single big attack.<\/p>\n

<\/p>\n

North Korea\u2019s New Tactics<\/p>\n

A recent Google study found that this kind of scheme has gone global. While elaborate hacks still grab headlines, state\u2011aligned groups are increasingly banking on deception.<\/p>\n

\"\"<\/p>\n

That involves stealing data and posing as trusted workers rather than breaking into servers from the outside. It\u2019s quieter. It\u2019s often cheaper. And it can keep running for years before anyone notices.<\/p>\n

Rising Crypto Losses And Shifts In Strategy<\/p>\n

Blockchain\u2011intelligence firm TRM\u202fLabs reports that North Korea\u2011linked actors were behind about $1.6 billion of the $2.1 crypto stolen across 75 crypto hacks and exploits in the first half of 2025.<\/p>\n

It\u2019s a huge chunk. TRM Labs warns that while big exchange breaches still happen, a growing share of revenue now comes from these false\u2011identity worker schemes.<\/p>\n

Featured image from Getty Images, chart from TradingView<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

US Treasury officials announced sanctions this week aimed at shutting down a North Korea\u2011backed IT worker network that targeted crypto firms and other tech companies. Two individuals and four entities are now cut off from the US financial system. According to Treasury Deputy Secretary Michael Faulkender, these steps are meant to stop the misuse of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-36021","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/36021","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=36021"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/36021\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=36021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=36021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=36021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}