The U.S. Justice Department has unveiled charges against an American woman and a Ukrainian man, alongside three unidentified foreign nationals.
The group is accused of allegedly orchestrating a scheme that enabled North Korean IT workers to work remotely for US companies under false US identities.
This deception helped them evade international sanctions.
The scheme explained
Court documents reveal that the conspirators defrauded over 300 US companies by leveraging US payment platforms, online job site accounts, proxy computers located within the United States, and both witting and unwitting US citizens.
According to the Department of Justice, these overseas IT workers secured employment at various high-profile US companies, including a major television network, a Silicon Valley tech firm, an aerospace manufacturer, a car manufacturer, a luxury retail store and a hallmark media and entertainment company, all part of the Fortune 500.
Certain companies were specifically targeted by a group of DPRK IT workers who posted job openings to infiltrate these organizations.
The IT workers also made attempts to gain employment and access information at two different US government agencies on three occasions, though these efforts largely failed.
The Ukrainian man implicated in the scheme allegedly created fake accounts on US IT job search platforms and with U.S.-based money service transmitters.
He then sold these accounts to overseas IT workers, who used them to apply for remote IT jobs with US companies.
The American woman reportedly operated a “laptop farm,” hosting the overseas IT workers' computers in her home to make them appear as if they were located in the US.
She also received and forged payroll checks and managed the direct deposits of the IT workers' wages from US companies into her financial accounts.
Both individuals have been arrested, with the Ukrainian national currently awaiting extradition from Poland to the US. The scheme, which ran from October 2020 to 2023, is estimated to have generated at least $6.8 million for the DPRK.
Identifying North Korean IT workers
U.S. authorities have long warned about North Korean hackers posing as IT freelancers to secure employment at US-based companies.
To prevent such incidents, the FBI has published a public service announcement detailing the latest tactics used by these US-based facilitators and offering tips for organizations to protect themselves.
The FBI emphasized that companies outsourcing IT work to third-party vendors might face increased vulnerabilities due to their detachment from the direct hiring process.
This announcement accompanies the charges and the State Department’s reward offer, aiming to alert and safeguard US businesses against these deceptive practices.