The Justice Department continues to crack down on North Korea’s use of remote IT worker schemes and cryptocurrency thefts to fund its government.
Four Americans and a Ukrainian national recently pleaded guilty to charges of helping North Koreans get remote IT jobs at U.S. companies, including by furnishing stolen identities — and, in some cases, their own names — and maintaining company-provided laptops at U.S. residences to fool the employers.
The five facilitators’ actions defrauded more than 136 U.S. companies, compromised more than a dozen Americans’ identities and generated more than $2.2 million for North Korea, federal prosecutors said.
The five defendants pleaded guilty in Florida, Georgia and Washington, D.C., between Nov. 6 and Nov. 13. All of the men were charged with one count of wire fraud conspiracy, and the Ukrainian national was also charged with one count of aggravated identity theft. Prosecutors said he spent years stealing Americans’ identities and selling them to North Korean operatives and other overseas IT workers. As part of his plea deal, he forfeited more than $1.4 million.
One of the American facilitators received $89,000 for helping North Korea. Another facilitator, an active-duty U.S. Army service member, received more than $50,000.
In tandem with the pleas, the DOJ also announced the seizure of more than $15 million in cryptocurrency that the Lazarus Group, a North Korea-linked hacker group also known as APT 38, stole from four cryptocurrency platforms in 2023.
Matthew Galeotti, the acting head of the Justice Department’s Criminal Division, said in a statement that “hostile nation-states raising funds for illicit programs by stealing from digital asset exchanges” threatened U.S. economic and national security.
Assistant Attorney General for National Security John Eisenberg said the recent actions reflect the Justice Department’s “comprehensive approach to disrupting North Korean efforts to finance their weapons program on the backs of Americans.”
The U.S. government’s effort to disrupt North Korea’s IT worker schemes is one of the few cybersecurity initiatives from the Biden administration that the Trump administration has maintained. The Justice Department’s DPRK RevGen: Domestic Enabler Initiative pairs prosecutors from the DOJ’s National Security Division with agents from the FBI’s Cyber and Counterintelligence Divisions. Prosecutors announced indictments and seizures in January and June.
U.S. agencies have spent years warning businesses and foreign governments to watch for signs of North Korea’s remote IT worker scheme. In a 2022 interagency advisory, the U.S. said that North Korean operatives can earn as much as $300,000 a year at their IT jobs, with Pyongyang withholding up to 90% of that money and receiving hundreds of millions of dollars annually.