The U.S. Justice Department revealed indictments against 14 North Korean nationals for their involvement in a long-running scheme designed to pose as remote IT professionals.
The operation, which aimed to circumvent international sanctions, also included allegations of wire fraud, money laundering, and identity theft.
Unsealed in a St. Louis federal court, the indictment outlines an intricate plot where North Korean operatives leveraged stolen identities and AI-generated credentials to infiltrate U.S.-based companies. The goal: generate funds for the North Korean government.
The scheme, facilitated by North Korean-controlled entities Yanbian Silverstar in China and Volasys Silverstar in Russia, reportedly earned at least $88 million over a six-year period. Prosecutors said the funds were funneled through financial systems in the U.S. and China to benefit North Korea.
Beyond collecting salaries, the alleged fake IT workers are accused of stealing sensitive data, including proprietary source code, and using it as leverage to extort companies for additional payments.
The indictment also details how these operatives were required to meet minimum monthly earnings of $10,000. To evade detection, they employed advanced methods such as deepfake identities, proxy servers, and pseudonymous accounts.
Prosecutors noted that the North Korean companies incentivize employees through “socialism competitions,” rewarding those who generated the highest revenue. “While we have disrupted this group and identified its leadership, this is just the tip of the iceberg. The government of North Korea has trained and deployed thousands of IT workers to perpetrate this same scheme against U.S. companies every day,” said Special Agent in Charge Ashley Johnson of the FBI St. Louis Field Office.
Johnson also urged businesses to strengthen their vetting processes for remote IT workers and implement policies requiring regular on-camera interactions for fully remote employees.
This announcement follows a series of incidents highlighting North Korea’s infiltration into U.S. companies. Earlier this year, cybersecurity firm KnowBe4 discovered that a North Korean agent had bypassed its hiring procedures by posing as a software engineer.
According to the company, the operative deployed malware on a company-issued MacBook within minutes of receiving the device, but the installation was blocked. The attacker exploited vulnerabilities in hiring and background checks, relying on a fake identity, falsified documents, and a Raspberry Pi device to execute the breach.
KnowBe4 offers Secure Hiring and Onboarding training for human resources professionals, IT professionals, hiring managers, and others involved in the recruitment and onboarding of employees. It features an in-depth interview with KnowBe4 staff who recount their real-life experience in uncovering a bad actor working for a nation-state government, disguised as a “new hire” during his onboarding process, and details KnowBe4's quick response to secure the network and consequent efforts to educate others on this attempted attack and how it was foiled.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
SecurityWeek has the story.
How BreachSim works:
