朝鲜的网络情节：通过虚拟抢劫案为武器开发提供资金

朝鲜国民因窃取超过90万美元的虚拟货币以资助武器计划而被起诉。深入了解平壤的非法网络计划。

Ever wonder how North Korea keeps its weapons programs afloat? Turns out, they're not just relying on traditional methods. Buckle up, because the U.S. Justice Department just unsealed an indictment that reads like a cyber-thriller.

有没有想过朝鲜是如何保持其武器计划的？事实证明，他们不仅依靠传统方法。扣紧了，因为美国司法部只是宣布了一项像网络惊悚片一样的起诉书。

Remote Workers, Real Crimes

远程工人，真正的犯罪

Four North Korean nationals—Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il—are in hot water for allegedly posing as remote IT workers to infiltrate U.S. companies. Their mission? Steal virtual currency—over $900,000 worth—and launder it to fund North Korea's weapons and cyber programs. Seriously, who needs banks when you've got blockchain?

四名朝鲜国民 - 金·金·金（Kim Kwang Jin），康·泰·博克（Kang Tae Bok），郑彭（Jong Pong Ju）和昌南（Chang Nam Il）在热水中涉嫌冒充偏远的IT工人来渗透美国公司。他们的使命？窃取虚拟货币（价值90万美元），并洗钱以资助朝鲜的武器和网络计划。说真的，当您拥有区块链时，谁需要银行？

The Modus Operandi

作案手法

These guys weren't exactly amateurs. They used stolen and fabricated personal identities to get hired as IT specialists at blockchain and digital asset companies. Think Catch Me If You Can, but with cryptocurrency. They even traveled to the United Arab Emirates on North Korean passports before setting up shop in the U.S. and abroad.

这些家伙并不完全是业余爱好者。他们利用被盗和捏造的个人身份在区块链和数字资产公司的专家中被雇用。如果可以的话，请想抓住我，但是使用加密货币。他们甚至在美国和国外开设商店之前，前往朝鲜护照上的阿拉伯联合酋长国。

Kim Kwang Jin and Jong Pong Ju, using aliases, landed gigs at a blockchain R&D company in Atlanta and a Serbian virtual token company. Classic Trojan horse move. Once inside, they exploited their access to swipe virtual currency. Jong Pong Ju allegedly nabbed $175,000 in February 2022, while Kim Kwang Jin reportedly made off with $740,000 a month later by tweaking smart contracts. Talk about a coding catastrophe for their employers!

金·金·金（Kim Kwang Jin）和郑彭（Jong Pong Ju）使用别名在亚特兰大的一家区块链研发公司和塞尔维亚虚拟代币公司登上演出。经典的特洛伊木马移动。进入室内后，他们利用了对滑动虚拟货币的访问。据据称，钟朱在2022年2月扣押了175,000美元，而金·金·金（Kim Kwang Jin）在一个月后通过调整智能合约以74万美元的价格赚了74万美元。谈论雇主的编码灾难！

Laundering Like Pros

像专业人士一样洗钱

To cover their tracks, the stolen funds were laundered through a virtual currency mixer (Tornado Cash, no less!) and then funneled into exchange accounts controlled by Kang Tae Bok and Chang Nam Il. They even used fake Malaysian IDs to open these accounts. It's like a global game of cat and mouse, but with digital dollars.

为了掩盖他们的赛道，被盗资金通过虚拟货币混音器（龙卷风现金，不少！）洗涤，然后将其汇入由Kang Tae Bok和Chang Nam Il控制的交换帐户。他们甚至使用假的马来西亚ID来打开这些帐户。这就像一款全球猫和鼠标游戏，但具有数字美元。

DPRK RevGen: Domestic Enabler Initiative

DPRK Revgen：国内促进倡议

This isn't just a one-off incident. It's part of the Department of Justice’s DPRK RevGen: Domestic Enabler Initiative, launched in March 2024. The goal? To disrupt North Korea’s global efforts to generate illicit revenue. The program is cracking down on both foreign actors and their U.S.-based enablers.

这不仅仅是一次一次事件。它是司法部DPRK Revgen的一部分：国内促进倡议，于2024年3月发起。目标？破坏朝鲜为产生非法收入的全球努力。该计划正在打击外国演员及其基于美国的推动者。

The FBI's Warning

联邦调查局的警告

The FBI is urging companies to be extra cautious when hiring remote IT workers, especially blockchain developers. These individuals often use fake names, IDs, and social media accounts to get hired. So, if someone seems too good to be true, they probably are.

联邦调查局（FBI）敦促公司在雇用远程IT工人（尤其是区块链开发人员）时要特别谨慎。这些人经常使用假名，ID和社交媒体帐户被录用。因此，如果某人似乎太好了，那么他们可能是。

My Take

我的看法

This whole situation is a stark reminder of how sophisticated North Korea's cyber operations have become. They're not just hacking for the heck of it; they're strategically targeting companies to fund their weapons programs. It's a serious threat that requires serious attention from both the public and private sectors. Companies need to beef up their security measures and be vigilant about who they're hiring. The stakes are simply too high to ignore. After all, it appears these remote jobs are nothing more than a front for illicit activities.

整个情况都清楚地提醒了朝鲜的网络业务。他们不仅仅是为之攻击。他们在战略上针对公司来资助其武器计划。这是一个严重的威胁，需要公共部门和私营部门的严重关注。公司需要加强安全措施，并对他们雇用的人保持警惕。赌注太高而无法忽略。毕竟，这些远程工作似乎不过是非法活动的阵线。

So, next time you're interviewing a remote IT candidate, maybe ask for a little more than just a code sample. You know, just to be safe. And remember, stay vigilant, folks! You never know who might be lurking behind that Zoom screen.

因此，下次您采访远程IT候选人时，也许不仅要求代码样本。你知道，只是为了安全。记住，请保持警惕，伙计们！您永远不知道谁可能潜伏在缩放屏幕后面。