US prosecutors charged five, including North Koreans, for tricking firms into hiring fake IT workers, sending $866K+ to fund weapons programs. Stay alert, and report fraud.
Federal prosecutors in the United States have charged five individuals, including two North Korean nationals, for their roles in a scheme that tricked U.S. companies into hiring North Korean IT workers.
According to the Department of Justice (DOJ), the operation funneled hundreds of thousands of dollars to the North Korean government, which, other than using hackers to steal cryptocurrency, has been using such tactics to evade sanctions and fund its weapons programs.
The indicted individuals include North Korean nationals Jin Sung-Il and Pak Jin-Song, Mexican national Pedro Ernesto Alonso De Los Reyes, and U.S. citizens Erick Ntekereze Prince and Emanuel Ashtor. They are accused of using stolen identities and fraudulent documents to pose as legitimate US-based IT professionals, securing remote jobs with at least 64 American companies.
In a detailed indictment (PDF), the DOJ outlined that the group operated from April 2018 to August 2024, using fake identities and falsified documents to bypass hiring checks. Once employed, they allegedly transferred payments amounting to at least $866,255 from ten companies through a Chinese bank account to cover the money trail.
A key element of the operation, according to the DOJ’s press release, involved “laptop farms,” where company-issued computers were received at U.S. locations and set up with remote access software. This allowed North Korean operatives to control the devices from abroad, creating the impression that the workers were based in the United States.
The scheme came to light following an FBI investigation that led to the recent arrests of Prince and Ashtor in the U.S., while Alonso was apprehended in the Netherlands earlier this month.
All five defendants face charges that include conspiracy to commit wire fraud, identity theft, and money laundering. If convicted, they could face up to 20 years in prison.
Repeated Pattern
North Korea has long relied on cyber operations to generate revenue for its government. Thousands of IT workers, primarily based in China and Russia, have been deployed to secure freelance work under false identities. According to U.S. officials, these workers can earn up to $300,000 per year, collectively bringing in millions to support the country’s military ambitions.
To achieve this, they take advantage of online job platforms, social media, and payment services, often using unsuspecting individuals in the U.S. to help move money and avoid detection. In July 2024, cybersecurity firm KnowBe4 was tricked by a North Korean hacker posing as an IT worker whose next step was to load malware on a company-issued Macbook.
In response, the U.S. government has issued several warnings to businesses about the risks associated with hiring remote IT workers. The FBI and other agencies have published guidelines to help companies spot red flags and protect themselves from falling victim to similar scams.
Authorities are also urging businesses to stay alert when hiring remote workers and to report any unusual activity to the FBI. They emphasize the importance of protecting company data and following international sanctions to help stop this type of fraud.
RELATED TOPICS
- Feds Bust N. Korean Identity Theft Ring Targeting US Firms
- Russian hacker tried hiring Tesla worker for malware attack
- Hackers used fake job website to scam jobless US veterans
- Fake LinkedIn job offers scam spreading More_eggs backdoor
- Employee Duped by AI-Generated CFO in $25.6M Deepfake Scam