ST. LOUIS — Fourteen individuals from North Korea have been charged in a fraudulent plan that involved IT workers using false identities to secure contracts with American companies. These workers allegedly diverted their earnings back to North Korea to assist in the development of ballistic missiles and other armaments, according to the St. Louis FBI office. The scheme reportedly secured over $88 million for the North Korean government, as explained by Ashley T. Johnson, the special agent in charge.
These IT workers not only utilized stolen identities but also engaged in cyber theft and extortion tactics, extracting sensitive information from various companies. In some cases, they threatened to disclose this information unless paid off. The victims of these actions included a range of individuals across the United States, notably those in Missouri, whose identities were compromised. The indictments were presented on Wednesday in the U.S. District Court in St. Louis, with the charges spanning wire fraud, money laundering, identity theft, and more.
Many of the accused individuals are thought to be currently residing in North Korea, making their apprehension a challenging endeavor. To assist in locating these suspects, the U.S. Department of State has announced a reward of $5 million for any credible information that could lead to their capture.
Federal authorities outlined how this deceptive operation functioned. North Korea allegedly sent thousands of IT professionals to work for U.S. firms, often remotely or as freelancers. In some instances, these workers used stolen identities, while in others, they compensated American citizens to utilize their Wi-Fi connections or act on their behalf during job interviews. Johnson emphasized that the FBI is also targeting those domestic accomplices aiding this scheme.
“This is merely the beginning,” Johnson commented. “If your business has employed remote IT professionals, there’s a significant chance you’ve hired or at least interacted with a North Korean national working under the direction of their government,” she cautioned.
In recent years, the Justice Department has made efforts to expose and dismantle various criminal operations that serve to strengthen the North Korean regime, particularly its nuclear program. Back in 2021, the department brought charges against three North Korean computer programmers affiliated with the military intelligence agency for numerous global hacking endeavors said to be commissioned by the regime. Officials noted that these prosecutions highlighted the profit-driven nature of North Korea’s hacking activities, distinct from other nations such as Russia, China, and Iran that generally focus on espionage or intellectual property theft.
In May 2022, an advisory from the State Department, the Department of the Treasury, and the FBI warned of North Koreans attempting to gain employment while masquerading as non-North Koreans. This advisory pointed out that under Kim Jong Un, there has been a growing emphasis on improving education and training in IT fields.
In a development in October 2023, the FBI in St. Louis disclosed the seizure of $1.5 million and 17 domain names linked to this investigation. The recent indictments marked the first results released from this ongoing effort.
Johnson urged businesses to perform comprehensive background checks on remote IT employees. “To help reduce your risks, one effective measure is to require current and prospective IT workers to appear on camera as frequently as possible during remote interactions,” she recommended.
Authorities have not disclosed the names of the companies that may have inadvertently employed North Korean workers in this elaborate scheme.