North Korea’s $88 Million Cyber Scheme That Duped American Companies
The Justice Department indicted 14 North Korean nationals in Missouri on Wednesday for carrying out an extortion and identity theft scheme to raise money for the nation’s regime in violation of United States sanctions.
The conspiracy, which spanned from 2017 to 2023, involved identity theft, wire fraud, money laundering, and extortion, the Justice Department said in a press release.
The defendants allegedly worked for North Korea-controlled companies Yanbian Silverstar and Volasys Silverstar, which operate out of China and Russia, respectively. The companies employed over 130 IT workers who generated at least $88 million for the Democratic People’s Republic of Korea (DPRK) over six years.
“To prop up its brutal regime, the North Korean government directs IT workers to gain employment through fraud, steal sensitive information from U.S. companies, and siphon money back to the DPRK,” Deputy Attorney General Lisa Monaco explained.
She indicated that the indictment exposes “their alleged sanctions evasion,” while serving as a warning to businesses worldwide.
The defendants allegedly used stolen and fake identities to obtain remote IT work with U.S.-based companies and nonprofit organizations. They used their positions to obtain sensitive information, which was later used for extortion.
“This indictment and associated disruptions highlight the cybersecurity dangers associated with this threat, including theft of sensitive business information for the purposes of extortion,” said Assistant Attorney General Matthew G. Olsen.
This operation is part of a larger effort on the part of the DPRK to raise funds through illicit means.
Today’s charges are the most recent step in an ongoing, two-year Department effort to disrupt this specific group of conspirators, one of multiple such DPRK groups attempting to generate revenue for the DPRK government through such schemes. Prior Department actions against this group include: (i) a January court-authorized seizure of approximately $320,000 (unsealed today); (ii) a July court-authorized seizure of approximately $444,800 (unsealed today); (iii) previously announced October 2022 and January 2023 court-authorized seizures of approximately $1.5 million; and (iv) previously announced October 2023 and May 2024 court-authorized seizures of 29 internet domains used by the same group to increase the bona fides and appeal of their assumed identities to prospective employers.
North Korea’s government has “trained and deployed thousands of IT workers to perpetrate this same scheme against U.S. companies every day,” said Special Agent in Charge Ashley T. Johnson of the FBI St. Louis Field Office.
In one instance, the defendants allegedly extorted a U.S.-based employer by threatening to release proprietary information if the employer did not acquiesce to the employee’s demands.
The perpetrators employed a variety of tools to carry out the scheme, including pseudonymous accounts, proxy servers, and stolen U.S. identities to evade detection. They even paid Americans to attend job interviews on behalf of the North Korean operatives. This allowed the DPRK-controlled organizations to deceive employers, secure lucrative contracts, and transmit the proceeds to the regime through U.S. and Chinese financial systems.
U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri explained that these workers “pose a sophisticated and persistent threat, especially to businesses seeking to employ large numbers of contract workers quickly.”
Each defendant faces more than two decades in prison if convicted.
The indictment is part of a larger Justice Department initiative to disrupt the DPRK’s revenue-generation schemes. The agency has seized about $2.3 million in funds and 29 internet domains tied to the operation since January 2024.
Assistant Director Bryan Vorndran of the FBI’s Cyber Division assured the public of the DOJ’s continued efforts to stop these operations, stating, “The FBI will continue to work with our partners to expose and mitigate these fraudulent IT schemes and provide unwavering support to victims of North Korean cyber actors.”