The U.S. Department of Justice (DoJ) has charged 14 North Korean individuals with involvement in a fraudulent scheme exploiting remote IT work to violate sanctions, engage in wire fraud, and commit money laundering and identity theft. These actions enabled North Korea to generate significant revenue over six years.

Misleading Identities in IT Employment

According to the DoJ, conspirators affiliated with North Korean-operated firms Yanbian Silverstar and Volasys Silverstar, located in China and Russia, deceptively acquired remote IT jobs by masking their true identities. Utilizing stolen or fabricated identities from various countries, they secured positions in U.S. corporations and non-profit organizations.

Financial Gains and Extortion Tactics

The operation allegedly accumulated $88 million, funneling funds through the U.S. and Chinese financial systems to Pyongyang. In one reported instance, a refusal to meet extortion demands led to the leaking of proprietary information from a U.S. employer.

Individuals Implicated

The indictment names the following North Koreans involved in different roles, from senior leaders to IT workers: 1. Jong Song Hwa 2. Ri Kyong Sik 3. Kim Ryu Song 4. Rim Un Chol 5. Kim Mu Rim 6. Cho Chung Pom 7. Hyon Chol Song 8. Son Un Chol 9. Sok Kwang Hyok 10. Choe Jong Yong 11. Ko Chung Sok 12. Kim Ye Won 13. Jong Kyong Chol 14. Jang Chol Myong

Sanctioned Firms and IT Workers

These individuals worked for Yanbian Silverstar and Volasys Silverstar, firms that employed over 130 North Korean IT specialists known as "IT Warriors." These workers participated in "socialism competitions" to maximize revenue for North Korea. Top performers earned bonuses and prizes for their contributions.

Ongoing U.S. Government Efforts

As part of ongoing measures, the U.S. government has seized 29 fraudulent website domains used to pose as legitimate IT service providers. Additionally, $2.26 million, including $1.5 million confiscated recently, was recovered from bank accounts linked to the illicit activities. The DoJ and Department of State continue to offer a reward of up to $5 million for information regarding the implicated entities and individuals.

Concealment Techniques

The DoJ outlined how these schemes used various methods, such as pseudonymous accounts, deceptive websites, and proxy servers, to obscure the scammers' North Korean origins. Some tactics even included using "laptop farms" in the U.S., where local residents set up computers for remote access to simulate domestic work locations.

Potential Consequences

The 14 defendants face charges of conspiracy to violate the International Emergency Economic Powers Act, wire fraud conspiracy, money laundering conspiracy, and identity theft. Should they be convicted, they could face up to 27 years in prison for these crimes.

Cryptocurrency Theft by North Korea

Aside from IT worker fraud, North Korea is involved in other illegal activities, such as cryptocurrency theft. Recently, North Korean hackers, identified as Citrine Sleet, were linked to a $50 million heist from DeFi platform Radiant Capital. The group, associated with Lazarus Group, deceived developers through social engineering to introduce malicious software, showcasing North Korea's diverse cybercriminal strategies. This investigation exemplifies the U.S. and international efforts to tackle cybersecurity threats and financial crimes rooted in state-sponsored activities.

The link has been copied!