N Korea made millions from remote work scheme, US says
3 min read
A U.S. court has indicted 14 North Koreans for extorting millions from U.S. companies through a remote work scheme, funneling funds to North Korea’s weapons programs.
A federal court in St. Louis has indicted 14 North Koreans accused of being part of a large-scale conspiracy that allegedly extorted millions of dollars from U.S. companies, channeling funds to North Korea’s weapons programs. The indictment details how a broader scheme involved thousands of North Korean IT workers using stolen, borrowed, or fabricated identities to secure remote jobs with U.S. firms.
The operation reportedly generated at least $88 million (£51.5 million) for North Korea over six years, with the suspects allegedly working for two companies linked to the regime: China-based Yanbian Silverstar and Russia-based Volasys Silverstar. The U.S. Department of Justice states that the individuals charged were part of a group of 130 North Korean IT workers, referred to as “IT Warriors” internally within the two companies.
According to the indictment, the suspects were instructed to demand salaries of $10,000 a month from their American employers. In addition to their regular wages, the workers reportedly used extortion tactics to raise more money for North Korea’s government. These tactics included stealing valuable company information and threatening to release it unless the employer made an extortion payment. The charges against the suspects include wire fraud, money laundering, identity theft, and several others.
To avoid detection, the suspects used stolen identities and worked with people residing in the U.S. to set up laptops provided by the American companies. These U.S. residents would install remote access software, making it appear that the North Koreans were working from within the U.S., while they were actually operating from overseas. Prosecutors believe the suspects are currently in North Korea, making it unlikely that they will face trial in the U.S.
The U.S. State Department has offered a reward of up to $5 million for any information that leads to the identification of the suspects or further details on Yanbian and Volasys. While U.S. officials have not disclosed the names of the American companies targeted by the scheme, the indictment highlights the extent of the operation, which they say is just one part of a broader pattern of cyberattacks linked to North Korea’s regime.
Ashley T. Johnson, the special agent in charge of the FBI’s field office in St. Louis, stated, “While we have disrupted this group and identified its leadership, this is just the tip of the iceberg. The government of North Korea has trained and deployed thousands of IT workers to perpetrate this same scheme against U.S. companies every day.”
This indictment underscores the growing threat posed by North Korea’s cyber operations, which not only aim to generate revenue for the regime but also contribute to the funding of its controversial weapons programs. The scale of the operation reveals how the regime has effectively utilized technology and remote work to infiltrate U.S. companies, creating significant challenges for cybersecurity and international business relations. Despite the efforts to disrupt the operation, U.S. officials warn that such activities are likely to continue as North Korea continues to leverage its growing network of skilled cyber operatives.
About The Author
