Fourteen men with ties to the government of North Korea have been charged in federal court with involvement in a scheme that used remote IT workers to funnel $88 million to the country’s nuclear weapons program.
“To prop up its brutal regime, the North Korean government directs IT workers to gain employment through fraud, steal sensitive information from U.S. companies, and siphon money back to the DPRK [Democratic People’s Republic of Korea],” Deputy U.S. Attorney General Lisa Monaco said Thursday. “This indictment of 14 North Korean nationals exposes their alleged sanctions evasion and should serve as a warning to companies around the globe — be on alert for this malicious activity by the DPRK regime.”
The sophisticated scheme involved at least 130 people, said Ashley Johnson, special agent in charge of the FBI in St. Louis. The 14 charged in the indictment include the reputed leaders and some of the IT workers.
The indictment, which was filed Wednesday, does not list any St. Louis-area companies or nonprofits as victims, but Johnson said the office is aware of victims in the region. She would not say whether they were companies or individuals who had had their identity stolen and used by the North Koreans.
Over the past six years, the indictment says, the men would steal, borrow or pay to use the identities of people in the U.S. to get hired to work remotely as IT support for U.S. companies. They would then send their paychecks back to North Korea. In some cases, they would also extort payments from the companies by threatening to release stolen sensitive information,
“This is just the tip of the iceberg. If your company has hired fully remote IT workers, more likely than not you have hired, or at least interviewed, a North Korean national working on behalf of the North Korean government,” Johnson said.
Though it is unlikely any of the men will ever see the inside of a U.S courtroom, Johnson said the charges help raise awareness of the scheme among Americans.
“The reward that the State Department has put out also gives exposure to those individuals within North Korea and other countries, should they try to perpetuate the same types of schemes,” she said.
In October, the St. Louis office announced that it has seized websites used by the two front companies to advertise fully remote IT workers.
