The FBI said the scheme involved stealing tens of millions of dollars from U.S. companies and returning them to North Korea to fund weapons development.
Fourteen North Koreans have been indicted on charges of participating in a scheme in which tech workers using fake identities took jobs at U.S. companies and then sent their wages to Pyongyang to develop ballistic missiles and other weapons.
The scheme involved thousands of IT employees and generated more than $88 million (€84 million) in profits for the North Korean government, Ashley T. Johnson, director of the FBI’s office in St. Louis, Missouri, said at a news conference Thursday.
In addition to wages, workers are said to have stolen sensitive company information or threatened to leak information in exchange for money.
Victims included defrauded companies and people whose identities were stolen across the United States, including in Missouri.
The indictment was filed Wednesday in U.S. District Court in St. Louis. All 14 defendants face wire fraud, money laundering, identity theft and other charges.
Most of the defendants are believed to be in North Korea, and Mr Johnson acknowledged it would be difficult to bring them to justice. The US State Department is offering a reward of $5 million (4.8 million euros) for information leading to the arrest of the suspects.
According to federal authorities, the plan involved the cooperation of U.S. citizens.
To carry out this plan, North Korea dispatched thousands of IT employees to work remotely or as freelancers for American companies, sometimes using stolen identities. In other cases, they paid U.S. citizens to use their home Wi-Fi connections or to pose as IT workers during on-camera interviews.
Johnson said the FBI is also pursuing these “domestic applicants.”
“This is just the tip of the iceberg,” she said. “If your company employs fully remote IT staff, you have probably hired, or at least interviewed, North Korean nationals working on behalf of the North Korean government.”
In recent years, the U.S. Department of Justice has sought to expose and disrupt a variety of criminal schemes being carried out in Pyongyang to benefit the Kim Jong-un government, including for the purposes of its nuclear weapons program.
In 2021, the Department of Defense indicted three North Korean computer programmers and a government military intelligence employee for widespread global cyberattacks carried out at the orders of the North Korean regime.
Law enforcement officials at the time said the incident revealed that North Korea’s criminal hacking was done for profit, as cyberattacks by other hostile countries such as Russia, China and Iran typically focus on espionage, intellectual property theft and business disruption. He stated that this is in contrast to what is being adjusted. democracy.
In May 2022, the U.S. State Department, Treasury Department, and FBI issued a joint advisory warning that North Koreans were “attempting to get jobs by pretending to be North Korean citizens,” noting that in recent years Kim Jong-il’s regime has placed “a greater emphasis on education and training” in IT-related subjects. “.
In October 2023, the FBI in St. Louis announced that it had seized $1.5 million (€1.43 million) and 17 domain names as part of the investigation. The indictment announced Tuesday was the first to come out of the investigation.
Johnson urged employers to thoroughly vet all IT staff hired to work remotely. She did not name the company that unknowingly employed North Korean workers.