The indictment announced by the U.S. Department of Justice against two North Korean nationals and three facilitators for their involvement in a cyber fraud scheme targeting U.S. companies has shed light on a long-running operation that generated significant revenue for North Korea. The scheme, which spanned from 2018 to 2024, involved deceiving U.S. companies into hiring remote IT workers, ultimately funneling at least $866,255 through illicit means.
The individuals indicted in the scheme include North Korean nationals Jin Sung-Il and Pak Jin-Song, Mexican national Pedro Ernesto Alonso De Los Reyes, and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor. Their actions were described by the Justice Department as part of a broader effort by North Korea to evade sanctions and fund weapons programs by exploiting opportunities in the IT sector.
The indictment outlines how the defendants utilized forged and stolen identity documents, including U.S. passports, to secure remote IT jobs with 64 U.S. companies. They worked as freelance IT professionals while based in North Korea, laundering over $866,000 in revenue through a Chinese bank account to support the regime’s activities, including weapons development programs. The group used remote access software to deceive victim companies into believing they were hiring legitimate U.S.-based workers.
A key aspect of the fraudulent operation was the use of “laptop farms,” physical locations where laptops provided by U.S. companies were installed with remote access software to maintain the façade of U.S.-based workers when, in reality, they were operating in countries like China or Russia on behalf of North Korea. Ntekereze and Ashtor were arrested in connection with the operation, while Alonso was apprehended in the Netherlands.
North Korea’s IT worker scheme has raised concerns globally, as thousands of skilled IT workers are sent abroad to infiltrate U.S. companies, earning significant sums that support the regime’s sanctioned activities. The U.S. government has cautioned that these workers use various tactics to conceal their identities, generating hundreds of millions of dollars for North Korea.
The defendants face serious charges, including conspiracy to commit wire fraud, money laundering, and transfer of false identification documents, with potential sentences of up to 20 years in prison if convicted. The Department of Justice’s efforts to combat North Korea’s cyber-enabled sanctions-evading schemes have been ongoing, with successful actions targeting similar schemes in recent years.
The FBI, in collaboration with other agencies, has been investigating and targeting these activities, launching initiatives like the “DPRK RevGen: Domestic Enabler Initiative” to identify and shut down U.S.-based “laptop farms.” Assistance for U.S. companies targeted by North Korean IT workers is available, with the FBI offering support and guidance on detection and prevention measures.
“The FBI remains committed to assisting victims of these frauds and providing the necessary tools to prevent similar incidents,” emphasized Bryan Vorndran, Assistant Director of the FBI’s Cyber Division. Efforts to combat North Korean cyber threats will continue, with a focus on holding accountable those responsible for exploiting U.S. companies for the benefit of North Korea’s regime.