US exposes scheme enabling North Korean IT workers to bypass sanctions
The US Justice Department had unsealed charges against a US woman and an Ukranian man who, along with three unidentified foreign nationals, have allegedly helped North Korean IT workers work remotely for US companies under assumed US identities and thus evade sanctions.
At the same time, the US State Department has announced that its Rewards for Justice (RFJ) program is offering “a reward of up to $5 million for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support the Democratic People’s Republic of Korea (DPRK),” as well as for information about the three foreign nationals involved in this scheme.
The scheme
According to the court documents, the conspirators defrauded over 300 US companies by using US payment platforms and online job site accounts, proxy computers located in the United States, and witting and unwitting US persons and entities.
“The overseas IT workers gained employment [as software and applications developers] at US companies, including at a top-five major television network, a Silicon Valley technology company, an aerospace manufacturer, an American car manufacturer, a luxury retail store, and a US-hallmark media and entertainment company, all of which were Fortune 500 companies. Some of these companies were purposely targeted by a group of DPRK IT workers, who maintained postings for companies at which they wanted to insert IT workers,” the DOJ says.
“The overseas IT workers also attempted to gain employment and access to information at two different US government agencies on three different occasions, although these efforts were generally unsuccessful.”
The Ukrainian man allegedly created fake accounts at US IT job search platforms and with US-based money service transmitters, then sold them to overseas IT workers, which would use them to apply for remote IT jobs with US companies.
The US woman “ran a ‘laptop farm,’ hosting the overseas IT workers’ computers inside her home so it appeared that the computers were located in the United States, and also received and forged payroll checks and received direct deposits of the overseas IT workers’ wages from the US companies into her US financial accounts,” the DOJ claims.
Both have been arrested and the Ukrainian national is awaiting extradition from Poland to the US.
According to the State Department, this scheme went on from October 2020 to 2023 and generated at least $6.8 million for the DPRK.
How to identify North Korean IT workers
US authorities have been warning about North Korean hackers posing as IT freelancers and seeking employment at US-based companies for several years, and sharing advice on how to spot them to avoid hiring them.
To accompany the charges and the State Department announcement, the FBI has published a public service announcement sharing details about these latest tactic employed by US-based facilitators, as well as tips for organizations on how to protect themselves.
“Companies that outsource IT work support to third-party vendors can face additional vulnerabilities since these companies are removed from the direct hiring process,” the FBI noted.