Federal authorities said the scheme worked like this:
North Korea dispatched thousands of IT workers to get hired and work remotely or as freelancers for US companies. The IT workers involved in the scheme sometimes used stolen identities. In other instances, they paid Americans to use their home Wi-Fi connections, or to pose in on-camera job interviews as the IT workers. Johnson said the FBI is going after those “domestic enablers,” too.
“This is just the tip of the iceberg,” Johnson said. “If your company has hired fully remote IT workers, more likely than not, you have hired or at least interviewed a North Korean national working on behalf of the North Korean government,” Johnson said.
The Justice Department in recent years has sought to expose and disrupt a broad variety of criminal schemes aimed at bolstering the North Korean regime, including its nuclear weapons program.
In 2021, the Justice Department charged three North Korean computer programmers and members of the government’s military intelligence agency in a broad range of global hacks that officials say were carried out at the behest of the regime.
Law enforcement officials said at the time that the prosecution highlighted the profit-driven motive behind North Korea’s criminal hacking, a contrast from other adversarial nations like Russia, China and Iran that are generally more interested in espionage, intellectual property theft or even disrupting democracy.
In May 2022, the State Department, Department of the Treasury, and the FBI issued an advisory warning of attempts by North Koreans “to obtain employment while posing as non-North Korean nationals.” The advisory noted that in recent years, the regime of Kim Jong Un “has placed increased focus on education and training” in IT-related subjects.
In October 2023, the FBI in St. Louis announced the seizure of US$1.5 million and 17 domain names as part of the investigation. The indictments announced Tuesday were the first stemming from the investigation.
Johnson urged companies to thoroughly vet IT workers hired to work remotely. “One of the ways to help minimize your risk is to insist current and future IT workers appear on camera as often as possible if they are fully remote,” she said.
Officials did not name the companies that unknowingly hired North Korean workers.
Source: CNA
