The Justice Department indicted fourteen North Koreans in Missouri on Wednesday. They were charged with extortion and identity theft in a scheme to raise money for the regime in violation of United States sanctions.

In a press statement, the Justice Department said that the conspiracy spanned 2017 to 2023 and involved identity theft, wire fraud, money laundering, and extortion.

The defendants worked for two North Korea-controlled companies, Yanbian Silverstar, based in China, and Volasys Silverstar, based in Russia. The companies employed over 130 IT workers, who generated $88 million in revenue for the Democratic People’s Republic of Korea over a six-year period.

Deputy Attorney General Lisa Monaco explained that the North Korean government uses IT workers to gain employment with U.S. firms, steal sensitive data from them, and then send money back to the DPRK.

She said that the indictment exposed “their alleged sanction evasion” and served as a warning for businesses around the world.

The defendants are accused of using stolen or fake identities to secure remote IT work for nonprofits and companies based in the United States. They used their positions to gain sensitive information that was then used as a tool for extortion.

“This indictment, and the disruptions that followed it, highlight the cyber threats involved with this threat. These include theft of sensitive information to be used for extortion,” stated Assistant Attorney General Matthew G. Olsen.

This operation is part of the DPRK’s larger effort to raise money through illicit means.

Today’s charges are the most recent step in an ongoing, two-year Department effort to disrupt this specific group of conspirators, one of multiple such DPRK groups attempting to generate revenue for the DPRK government through such schemes. Prior Department actions against this group include: (i) a January court-authorized seizure of approximately $320,000 (unsealed today); (ii) a July court-authorized seizure of approximately $444,800 (unsealed today); (iii) previously announced October 2022 and January 2023 court-authorized seizures of approximately $1.5 million; and (iv) previously announced October 2023 and May 2024 court-authorized seizures of 29 internet domains used by the same group to increase the bona fides and appeal of their assumed identities to prospective employers.

Special Agent in Charge Ashley T. Johnson of the FBI St. Louis Field Office said that North Korea has “trained thousands of IT workers and deployed them to perpetrate the same scheme every day against U.S. businesses.”

In one case, the defendants are accused of extorting a U.S. employer by threatening to release proprietary information if the employer did not agree to the employee’s requests.

To avoid detection, the perpetrators used a number of tools, including pseudonymous accounts, proxy servers, and stolen U.S. identities. Americans were even paid to attend job interviews on behalf of the North Korean agents. The DPRK-controlled organizations were able to deceive employers, obtain lucrative contracts, and then send the money to the regime via the U.S. or Chinese financial system.

U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri explained that these workers “pose a sophisticated and persistent threat, especially to businesses seeking to employ large numbers of contract workers quickly.”

If convicted, each defendant could face more than 20 years in prison.

The indictment forms part of a larger Justice Department effort to disrupt DPRK revenue-generation schemes. Since January 2024, the agency has seized about $2.3 million in funds as well as 29 domains linked to this operation.

Assistant Director Bryan Vorndran of the FBI Cyber Division assured the public that the DOJ would continue its efforts to stop this operation. He stated, “The FBI, along with our partners, will continue to expose and mitigate the fraudulent IT schemes, and provide unwavering assistance to victims of North Korean cyber actors.”