US Indicts Five in North Korea IT Workforce Crackdown

North Korean IT Worker Scheme Results in Indictments

Five individuals have been indicted by U.S. authorities for their alleged participation in a long-running scheme involving North Korean IT workers. This operation involved securing remote employment with numerous American companies.

Details of the Indictment

The Department of Justice announced indictments against Jin Sung-Il and Pak Jin-Song, both North Korean citizens. Also indicted were Pedro Ernesto Alonso De Los Reyes, a citizen of Mexico, and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor.

Federal Bureau of Investigation (FBI) agents arrested Ntekereze and Ashtor. A subsequent search of Ashtor’s residence in North Carolina revealed a “laptop farm.” This setup contained company-issued laptops used to mislead employers into believing they were hiring U.S.-based workers.

Alonso was apprehended in the Netherlands following the issuance of a U.S. arrest warrant.

Methods Used to Conceal Identities

The indictment details how Ntekereze and Ashtor allegedly installed remote access software on the provided laptops. This included programs like AnyDesk and TeamViewer, enabling North Korean workers to mask their true locations.

Furthermore, the two American citizens are accused of supplying Jin and Pak with falsified identification. This included U.S. passports and access to U.S. bank accounts.

Scope and Duration of the Scheme

The alleged scheme spanned from April 2018 to August 2024, during which time the defendants reportedly secured employment with at least 64 American organizations.

Among the victimized companies were a U.S. financial institution, a technology firm located in San Francisco, and an IT organization headquartered in Palo Alto.

Financial Impact and Money Laundering

Payments received from just ten of these companies totaled at least $866,255. The majority of these funds were allegedly laundered through a bank account in China.

Department of Justice Statement

Devin DeBacker, a supervisory official within the Justice Department’s National Security Division, emphasized the department’s dedication to disrupting North Korea’s cyber activities. These activities aim to circumvent sanctions and illicitly fund the North Korean regime, including its weapons programs.

FBI Advisory and Increased Malicious Activity

Alongside the indictments, the FBI issued an advisory. This warning highlights the increasing engagement of North Korean IT workers in malicious cyber activity, including data extortion.

The agency has observed these workers exploiting unauthorized network access to steal sensitive data. They also use this access to facilitate cybercrime and generate revenue for the North Korean government.

Key Takeaway: This case underscores the ongoing threat posed by North Korean cyber activities and the efforts to hold those involved accountable.