Is Your North Korean IT Worker Quiet Quitting?

Is Your North Korean IT Worker Quiet Quitting?

North Korean IT workers have emerged as a covert extension of the regime’s state-sponsored cyber operations, embedding themselves within legitimate companies by posing as freelance developers and contractors. Oftentimes paid in cryptocurrency, these actors generate revenue for the regime’s WMD and ballistic missiles programs. Blockchain analysis provides a critical lens to trace and disrupt these activities, uncovering laundering methods such as transaction layering, cross-chain bridges, decentralized finance protocols, and the use of fictitious exchange accounts facilitated by intermediaries in China and Russia. Drawing on case studies from OFAC sanctions, DOJ forfeiture actions, and Chainalysis investigations, this session will map common tactics, techniques, and procedures (TTPs) and demonstrate how illicit earnings are funneled to Pyongyang in support of weapons programs. Attendees will gain a structured understanding of this threat landscape and practical insights into avenues for disruption.