The North Korean government, struggling under the weight of international sanctions, has for years seeded companies in the US and elsewhere with remote tech workers camouflaged by false and stolen identities to generate desperately needed revenue, federal prosecutors say.
Taking advantage of the global demand for skilled tech employees and the rise in remote employment, the North Korean regime has found a way to work around United Nations and US sanctions imposed on it for its nuclear weapons programme, the prosecutors said in two indictments unsealed in federal district courts in Massachusetts and Georgia. It has also used the access to steal both money and information, they said.
"Thousands of North Korean cyber-operatives have been trained and deployed by the regime to blend into the global digital work force," Leah Foley, the chief federal prosecutor in Massachusetts, said in announcing the charges on Monday. She called the threat "both real and immediate".
On Monday, federal law enforcement authorities took a series of actions across 16 states aimed at shutting down the scheme. Investigators seized dozens of financial accounts and fraudulent websites and searched "laptop farms" that allowed North Korean operatives to gain access to the computers that companies provide their off-site employees, prosecutors said.
In recent years, North Korean attempts to evade sanctions using false identities have increasingly been raising alarm. There is evidence that the operation has expanded geographically, targeting Europe in particular, according to a report from the Google Threat Intelligence Group in April.
Last year, the justice department and the FBI launched an initiative to identify people in the US believed to be helping North Koreans advance the plots, some of them without their knowledge.
In one of the cases brought by federal prosecutors this week, American, Chinese and Taiwanese citizens were accused of involvement in a plot that compromised about 80 American identities. The falsified identities were used to help North Koreans get remote tech jobs with over 100 companies across dozens of states in a range of industries between 2021 and 2024.
Prosecutors say the scheme generated about $5 million for North Korea, and cost American business some $3 million in damages and expenses. It also exposed sensitive information, including some related to military technology, they said.
The defendants are said to have used online background check services to cull personal information and create personas for the North Koreans so that they appeared authorised to work in the US.
To bolster the falsified identities, participants in the scheme created fake companies, websites and bank accounts and arranged to receive the company laptops delivered to the remote workers in the US, prosecutors said. Then, the authorities said, they granted remote access to the laptops to North Korean operatives working abroad.
A new waterfront resort opened for business this week in North Korea with PR hype — but without the foreign visitors that the country’s leader, Kim Jong-un, hoped would one day arrive with tourist cash to offset financially punishing sanctions.
New York Times News Service