A federal court in St. Louis indicted 14 North Korean nationals for their involvement in an extensive fraudulent scheme that used false identities to pose as remote information technology workers for U.S. companies, according to the U.S. Department of Justice. The defendants, associated with North Korean-controlled firms Yanbian Silverstar and Volasys Silverstar, earned at least $88 million over six years while violating U.S. sanctions.
14 North Korean nationals indicted for extensive fraud scheme
The indicted individuals operated under the direction of their employers in China and Russia, effectively circumventing sanctions and defrauding companies by employing stolen, borrowed, or fictitious identities. Some employees were tasked with generating a minimum of $10,000 monthly. The conspirators often supplemented their salaries by stealing sensitive information, including proprietary source code, and threatening their employers with extortion demands if payments were not made. The indictment states that a single incident cost one employer hundreds of thousands of dollars after confidential data was leaked due to extortion.
Sidestepping detection required sophisticated strategies. North Korean operatives employed advanced tactics such as deepfake identities, online pseudonyms, and proxy servers to conceal their origins. They utilized elaborate schemes to apply for positions within U.S. firms, including using stolen identities of individuals and paying U.S. citizens to conduct remote job interviews under false pretenses. In some cases, the conspirators installed software on laptops sent to U.S. citizens, enabling remote access that masked their actual locations.
The Justice Department characterized this operation as part of the North Korean regime’s broader strategy to generate revenue through fraudulent means. Deputy Attorney General Lisa Monaco stated, “To prop up its brutal regime, the North Korean government directs IT workers to gain employment through fraud, steal sensitive information from U.S. companies, and siphon money back to the DPRK.” The indictment serves as a stark warning to businesses worldwide to be vigilant against such deceptive practices.
The ongoing investigation highlights a persistent and sophisticated threat from North Korean IT workers, who continue to exploit vulnerabilities in the global labor market. U.S. Attorney Sayler A. Fleming emphasized the importance of vetting remote workers thoroughly and recommended measures such as requiring employees to appear on camera to reduce risks.
Previous efforts to combat North Korean activities
This indictment is part of a broader initiative by the Department of Justice aimed at disrupting North Korea’s revenue-generating operations in the tech sector. Previous actions have included the seizure of over $1.5 million linked to these fraudulent activities and court-authorized seizures of illegal internet domains used by the conspirators to enhance the legitimacy of their fabricated identities.
The State Department unveiled a reward offer of up to $5 million for information related to the identified individuals and their operations. The individuals listed include Jong Song Hwa, Ri Kyong Sik, Kim Ryu Song, and several others involved in running the deceptive IT schemes.
North Korea’s approach is extensive, with thousands of trained IT workers deployed globally to infiltrate businesses and acquire funds that support the regime. These workers leverage technologies like VPNs and multiple digital accounts to execute their schemes, posing a significant security threat to U.S. firms.
Investigations are ongoing, and the full scale of these operations is still being assessed. The complex web of North Korean deception underscores the need for increased cybersecurity measures within U.S. organizations, as the implications of these operations extend beyond immediate financial losses to broader national security concerns.