Dec 16, 2024 20:00:00

US authorities indict North Korean 'IT warriors' who illegally earned money through remote work, offering 770 million yen reward for useful information

On December 12, 2024, the US Department of Justice indicted 14 North Koreans for illegally employing North Koreans in US companies through Chinese and Russian companies and evading sanctions related to their nuclear missile program through money laundering and theft of trade secrets. Authorities have set a $5 million reward for information leading to companies or individuals involved in this case.

Office of Public Affairs | Fourteen North Korean Nationals Indicted for Carrying Out Multi-Year Fraudulent Information Technology Worker Scheme and Related Extortions | United States Department of Justice

https://www.justice.gov/opa/pr/fourteen-north-korean-nationals-indicted-carrying-out-multi-year-fraudulent-information

According to the Department of Justice, the 14 North Koreans indicted this time employed at least 130 North Korean IT workers through companies based in China and Russia called Yanbian Silverstar and Volasys Silverstar, earning at least $88 million (approximately 13.53 billion yen) over a six-year period.

'North Korea directs tech workers to fraudulently obtain jobs and steal sensitive information from American companies in order to raise funds for North Korea to support its brutal regime,' said Deputy Attorney General Lisa Monaco. 'The indictment of 14 North Korean nationals exposes their alleged sanctions evasion and should serve as a warning to businesses around the world to remain vigilant against this nefarious activity by the North Korean government.'

Yanbian Silverstar and Volasys Silverstar regularly held 'socialist contests' in which participants competed to see who could earn the most money for North Korea, with bonuses and prizes awarded to the winners.

North Koreans also call themselves 'IT warriors', and some are said to have stolen confidential company information and source code in order to blackmail their employers and use the money they obtained from the blackmail to meet quotas.

There have been repeated reports of North Korean IT workers infiltrating companies in other countries, often by using remote work to conceal their identities.

FBI warns that thousands of North Koreans are falsely identities and working as remote workers in other countries, sending wages to North Korea for missile program - GIGAZINE

The Department of Justice has indicted 14 North Koreans for violating U.S. sanctions, identity theft, wire fraud, and money laundering, and has announced a reward of up to $5 million for information about these companies and individuals and their fraudulent activities, or about individuals or entities involved.

Investigations into this group have resulted in the seizure of approximately $1.5 million in October 2022 and January 2023, approximately $320,000 in January 2024, and $444,800 in July, as well as the seizure of 29 internet domains in October 2023 and May 2024. These domains were used to make Yanbian Silverstar and Volasys Silverstar appear to be legitimate companies.

North Koreans also received laptops sent by companies for remote work and paid American collaborators to set them up and host them for remote operation. This method of masquerading as a US resident to avoid detection is known as a 'laptop farm.'

'We have disrupted this group and identified its leader, but this is just the tip of the iceberg,' said Ashley T. Johnson, special agent in charge of the FBI's St. Louis field office. 'The North Korean government is training many IT workers for similar schemes and sending them to American companies on a daily basis. American companies should protect their operations by thoroughly vetting their fully remote IT workers. One way to minimize risk is to ensure that fully remote workers are visible on webcam as often as possible.'