US Nationals Indicted For Fraudulent Remote IT Work

The Justice Department has recently announced the indictment of North Korean nationals Jin Sung-Il and Pak Jin-Song, Mexican national Pedro Ernesto Alonso De Los Reyes, and US nationals Erick Ntekereze Prince and Emanuel Ashtor, for a fraudulent scheme to obtain remote IT work with US companies that generated revenue for the Democratic People’s Republic of Korea (DPRK).

According to the indictment, over the course of their scheme, from approximately April 2018 through August 2024, the defendants and their co-conspirators obtained work from at least sixty-four US companies.

“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evading schemes, which seek to trick US companies into funding the North Korean regime’s priorities, including its weapons programs,” said Supervisory Official Devin DeBacker of the Justice Department's National Security Division.

“FBI investigation has uncovered a years-long plot to install North Korean IT workers as remote employees to generate revenue for the DPRK) regime and evade sanctions,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.

“The indictments announced today should highlight to all American companies the risk posed by the North Korean government. As always, the FBI is available to assist victims of the DPRK. Please reach out to your local FBI field office should you have any questions or concerns.”

Payments from ten of those companies generated at least $866,255 in revenue, most of which the defendants then laundered through a Chinese bank account.

As part of this prosecution, the FBI arrested Ntekereze and Ashtor and executed a search of Ashtor’s residence in North Carolina, where he previously operated a “laptop farm” that hosted victim company-provided laptops to deceive companies into thinking they had hired US-located workers.Alonso was arrested in the Netherlands on Jan. 10, pursuant to an arrest warrant from the United States.

The DPRK has dispatched thousands of skilled IT workers to live abroad, primarily in China and Russia, with the aim of deceiving US and other businesses worldwide into hiring them as freelance IT workers to generate revenue for the regime.

DPRK IT worker schemes involve the use of pseudonymous email, social media, payment platform and online job site accounts, as well as false websites, proxy computers, and witting and unwitting third parties located in the United States and elsewhere.

As described in a May 2022 tri-seal public service advisory released by the FBI, and State and Treasury Departments, such IT workers have been known individually earn up to $300,000 annually, generating hundreds of millions of dollars collectively each year, on behalf of designated entities, such as the North Korean Ministry of Defence and others directly involved in the DPRK’s weapons of mass destruction programs.

According to the indictment, the defendants used forged and stolen identity documents, including US passports containing the stolen personally identifiable information of a US person, to conceal the true identities of Jin, Pak, and other North Korean co-conspirators, so that these North Korean nationals could circumvent sanctions and other laws to obtain employment with US companies.

Ntekereze and Ashtor received laptops from US company employers at their residences, downloading and installing remote access software on them, without authorisation, to facilitate IT worker access and to perpetuate the deception of US companies.

The defendants further conspired to launder payments for the remote IT work through a variety of accounts designed to promote the scheme and conceal its proceeds.

All five defendants are charged with conspiracy to cause damage to a protected computer, conspiracy to commit wire fraud and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification documents. Jin and Pak are charged with conspiracy to violate the International Emergency Economic Powers Act.

If convicted, the defendants face a maximum penalty of 20 years in prison. A federal district court judge will determine the sentence of each defendant after considering the US Sentencing Guidelines and other statutory factors.

Under the Department-wide “DPRK RevGen: Domestic Enabler Initiative,” launched in March 2024 by the National Security Division and the FBI’s Cyber and Counterintelligence Divisions, Department prosecutors and agents are prioritising the identification and shuttering of US-based “laptop farms”, locations hosting laptops provided by victim US companies to individuals they believed were legitimate US-based freelance IT workers, and the investigation and prosecution of individuals hosting them.

The FBI, in conjunction with the State and Treasury Departments, has issued updated guidance, which includes indicators to watch for that are consistent with the North Korea IT worker fraud and the use of US-based laptop farms.

The FBI has recently issued additional guidance regarding extortion and theft of sensitive company data by North Korean IT workers, along with recommended mitigations. 

U.S. Dept. of Justice     |     ic3     |     Cyber Scoop

Image: Ideogram

You Might Also Read:

KnowBe4 Duped Into Hiring A North Korean Hacker:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« EU Sanctions Russians For Attacks On Estonia
How Does DeepSeek Compare With Other Chatbot AI Tools? »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ESET

ESET

ESET provide security software for enterprises and consumers - Antivirus Software, Internet Security and Virus Protection.

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

mmCERT

mmCERT

mmCERT is the national Computer Emergency Response Team for Myanmar.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

Alan Boswell Group

Alan Boswell Group

We are a Group of Companies providing specialist Insurance Broking and Risk Management advice and services including Cyber Risk cover.

SlashNext

SlashNext

The SlashNext Internet Access Protection System (IAPS) provides Zero-Day protection against all internet access threats including Social Engineering & Phishing, Malware, Exploits and Callback Attacks.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company providing cyber security services tailored to meet the evolving needs of organizations worldwide.

NITA Uganda (NITA-U)

NITA Uganda (NITA-U)

NITA-U has put in place the Information security framework to provide Uganda with the necessary process, policies, standards and guideline to help in Information Assurance.

Combis

Combis

COMBIS is a regional high-tech ICT company focused on the development of application, communication, security and system solutions and the provision of services.

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

Center for Cyber & Homeland Security (CCHS)

Center for Cyber & Homeland Security (CCHS)

The Center for Cyber and Homeland Security at Auburn University is a nonpartisan think tank that works to develop innovative strategies to address current and future threats to the United States.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

Elevate Security

Elevate Security

Elevate is the leading Security Behavior Platform, changing employee security habits while giving security teams unprecedented visibility.

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.