DOJ indicts five in North Korean fake IT worker scheme – CyberScoop
The U.S. government delivered another blow to North Korea’s fake IT worker scheme Thursday, with the Department of Justice announcing indictments against five men for fraudulently obtaining remote credentials to work with American companies and generate revenue for Pyongyang.
The indictments of North Korean nationals Jin Sung-Il and Pak Jin-Song, Mexican national Pedro Ernesto Alonso De Los Reyes, and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor follow previous DOJ actions targeting related schemes, and come a week after the Treasury Department sanctioned two individuals and four entities for allegedly engaging in similar behavior.
“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evading schemes, which seek to trick U.S. companies into funding the North Korean regime’s priorities, including its weapons programs,” Devin DeBacker, supervisory official with the Justice Department’s National Security Division, said in a statement.
“Our commitment includes the vigorous pursuit of both the North Korean actors and those providing them with material support,” he continued. “It also includes standing side-by-side with U.S. companies to not only disrupt ongoing victimization, but also to help them independently detect and prevent such schemes in the future.”
The new indictment alleges that the defendants collected at least $866,255 in revenue from 10 U.S. companies, while gaining employment from at least 64 American firms over the course of the scheme, which ran from approximately April 2018 through August 2024. Most of the payments were laundered through a Chinese bank account, the DOJ said.
Forged and stolen identity documents, including U.S. passports with stolen personally identifiable information of an American individual, were used to obscure the actual identities of Jin, Pak and other co-conspirators from North Korea, according to the indictment.
By concealing their true identities, the defendants were able to get jobs with U.S. companies, while Ntekereze and Ashtor allegedly hosted laptops from the companies at their residences and downloaded and installed remote access software on them, enabling access for the fake IT workers.
“FBI investigation has uncovered a years-long plot to install North Korean IT workers as remote employees to generate revenue for the DPRK regime and evade sanctions,” Bryan Vorndran, assistant director of the FBI’s Cyber Division, said in a statement. “The indictments announced today should highlight to all American companies the risk posed by the North Korean government.”
The FBI arrested Ntekereze and Ashtor after a search of Ashtor’s North Carolina residence, which previously served as the home base for the “laptop farm.” Alonso, meanwhile, was arrested Jan. 10 in the Netherlands. All three defendants face charges of conspiracy to cause damage to a protected computer, conspiracy to commit wire fraud and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification documents.
Jin and Pak face the same charges, as well as a conspiracy to violate the International Emergency Economic Powers Act charge. All five defendants face up to 20 years in prison.
Last week’s sanctions from the Treasury Department’s Office of Foreign Assets Control targeted a North Korean Ministry of National Defense-created office that created front companies to facilitate fake IT worker schemes, as well as two individuals and a Chinese company involved in the deception.
Other federal government efforts against the ongoing North Korean IT operations include the August 2024 arrest of a Tennessee man for allegedly using stolen identities to secure remote work for North Korean nationals and the December 2024 DOJ indictment of 14 North Koreans who purportedly generated $88 million over the course of a six-year conspiracy.
The post DOJ indicts five in North Korean fake IT worker scheme appeared first on CyberScoop.
–
Read More – CyberScoop
