A federal court in St. Louis, Missouri, has indicted 14 North Korean nationals in a sophisticated scheme involving IT workers who allegedly defrauded US companies and funneled millions of dollars to North Korea’s weapons programs.
The indictment, unsealed on Wednesday, charges the individuals with wire fraud, money laundering, identity theft, and other offenses.
According to the Justice Department, the scheme generated at least $88 million for the North Korean government over approximately six years, ending in March 2023.
The IT workers employed by North Korea-controlled companies Yanbian Silverstar in China and Volasys Silverstar in Russia used false identities to obtain remote work positions with US companies and nonprofits.
2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide
Ashley T. Johnson, special agent in charge of the FBI’s St. Louis office, stated that the workers not only collected salaries but also stole sensitive information from companies and threatened to leak it unless extortion payments were made. The stolen funds were allegedly used to support North Korea’s ballistic missile and weapons development programs.
To combat this threat, the US Department of State is offering rewards of up to $5 million for information leading to any of the suspects. The indictment is part of a broader effort by the Justice Department to disrupt North Korea’s attempts to generate revenue by exploiting the US job market.
Deputy Attorney General Lisa Monaco emphasized the cybersecurity risks associated with this scheme, including the theft of sensitive business information for extortion purposes. The FBI has warned that if a company has hired fully remote IT workers, it’s likely they have unknowingly employed or interviewed a North Korean national working for their government.
As part of the investigation, the FBI has already seized $1.5 million and 17 domain names. Companies are urged to thoroughly vet remote IT workers and insist on frequent video appearances to minimize the risk of hiring North Korean operatives.
This indictment highlights the ongoing efforts of North Korea to circumvent international sanctions and fund its weapons programs through sophisticated cyber operations. As the threat evolves, US authorities continue to adapt their strategies to counter these illicit activities and protect American businesses and national security interests.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free