Group of North Korean IT workers made at least $88m from fraudulently obtained US IT jobs, extortion payments, officials say
A US federal court in St Louis has indicted 14 North Koreans for alleged roles in a scheme that used fully remote IT workers to send $88 million (£70m) back to North Korea to fund its weapons programme.
The overall scheme allegedly uses thousands of North Korean IT workers who use false, stolen or paid-for identities of people in the US and other countries to gain IT jobs at US companies.
The indicted workers and their group generated at least $88m over a six-year period, according to the indictment.
The fourteen indicted were part of a group of 130 North Korean IT workers who worked for two North Korea-controlled companies, Yanbian Silverstar in China and Volasys Silverstar in Russia.
IT fraud
They were instructed to seek wages of $10,000 per month and, in some cases, also stole sensitive information from their employers and threatened to publish it unless they received an additional extortion payment.
In addition to using false identities, the workers paid US residents to receive, set up and host laptop computers provided by employers.
The workers then set up remote access software on the laptops so that they would appear to be working remotely from the US, authorities said.
US authorities have disrupted one group, but the larger scheme is ongoing, said Ashley Johnson, the special agent in charge of the FBI’s field office in St Louis.
“This is just the tip of the iceberg. If your company has hired fully remote IT workers, more likely than not you have hired, or at least interviewed, a North Korean national working on behalf of the North Korean government,” she said.
The US State Department said it would offer a reward of up to $5m for information on the suspects as well as the two front companies.
Crypto theft
Those indicted are believed to be in North Korea and are unlikely to see the inside of a US courtroom, but Johnson said the indictment and the reward are intended to raise awareness of North Korea’s actions.
“The reward that the State Department has put out also gives exposure to those individuals within North Korea and other countries, should they try to perpetuate the same types of schemes,” she said.
In October the St Louis field office said it had seized websites used by the two front companies to advertise fully remote IT workers.
North Korean hackers have been blamed for hundreds of millions of dollars in cryptocurrency thefts, including $721m stolen from Japan since 2017.
Hackers working for the country stole $2.3bn in cryptocurrency worldwide from 2017 to 2022, according to UK blockchain analysis firm Elliptic.