North Korean worker fraud scheme sent nearly $1M to Pyongyang

The Department of Justice announced on Wednesday that five people, including two Americans, have been indicted for their involvement in a North Korean remote worker fraud scheme. The scheme aimed to infiltrate U.S. companies through fraudulent remote IT jobs and funnel $900,000 back to North Korea between 2018 and 2024.

Who Are the Accused?

The federal indictment from the Southern District of Florida names:

  • Jin Sung-Il (North Korean)
  • Pak Jin-Song (North Korean)
  • Erick Ntekereze (American)
  • Emanuel Ashtor (American)
  • Pedro Ernesto Alonso De Los Reyes (Mexican national)

Role of the Accused:

  • North Korean nationals Jin and Pak: Secured jobs at U.S. companies using fake documents.
  • Ntekereze and Ashtor: Enabled the North Koreans to access company laptops remotely by posing as locals.
  • Alonso: Provided Jin with a fake identity to deceive U.S. employers.

Jin and Pak remain fugitives, while Ntekereze and Ashtor were arrested by the FBI. Alonso was arrested in the Netherlands on a U.S. arrest warrant.

The Fraud Scheme Explained

The scheme relied on North Korean nationals posing as U.S.-based IT workers. The conspirators used so-called “laptop farms” where Americans and collaborators in other countries gave North Koreans remote access to company-issued computers, making it appear as if they were working locally.

Once hired, the North Koreans performed IT jobs while secretly funneling the earnings back to North Korea. They also planted malware and accessed sensitive systems, according to federal authorities.

“If you let someone like that onto your staff, they can also plant malware and obtain backdoor access to your system,” warned Scott Snyder, CEO of the Korea Economic Institute of America.

A Booming ‘Cash Cow’ for North Korea

The pandemic-fueled rise of remote work has provided North Korea with a lucrative opportunity to exploit U.S. companies, according to Snyder. Thousands of highly skilled North Korean IT workers have been deployed globally with the goal of securing remote jobs in Western countries.

“This is a cash cow for North Korea,” Snyder said. “The return on investment justifies the effort they’re making.”

Authorities believe the money raised is used to fund North Korea’s weapons and arms programs.

How the Scheme Worked

  1. North Korean nationals like Jin and Pak applied for jobs at U.S. companies using forged American passports and credentials.
  2. American collaborators, like Ntekereze and Ashtor, provided company laptops and granted remote access to the North Koreans.
  3. The conspirators laundered the earnings through a Chinese bank, eventually funneling the money back to North Korea.

“They’re knowledgeable and capable, and they’re doing the job plus more,” said Snyder, emphasizing the risks for companies unknowingly hiring these workers.

The companies affected by the scheme included:

  • A multinational retail corporation
  • A Connecticut-based financial institution
  • A Miami-based cruise line
  • A Silicon Valley tech company

These companies also reported over $1 million in damages due to fraud and cyberattacks.

U.S.-Based Collaborators Played a Key Role

The scheme could not have succeeded without help from U.S.-based collaborators who acted as intermediaries.

  • Ntekereze and Ashtor received tens of thousands of dollars for their role in helping North Korean workers appear legitimate to U.S. employers.
  • They even registered companies posing as staffing agencies to provide IT workers to U.S. firms, court documents say.

Mexican national Alonso was charged with allowing Jin to use his identity to fool companies.

Federal Efforts to Combat North Korean Fraud

The Southern District of Florida indictment is the latest in a series of federal crackdowns on North Korean remote worker schemes:

  • December 2024: A federal court in St. Louis, Missouri, indicted 14 North Koreans over a remote worker fraud scheme that brought in $88 million for the regime over six years.
  • August 2024: Authorities arrested Matthew Isaac Knoot, a Nashville resident, for running a laptop farm for North Korea.
  • May 2024: Three North Koreans and an Arizona woman were indicted for using the identities of 60 Americans to defraud over 300 U.S. companies, including Fortune 500 companies and financial institutions.

Risks for U.S. Companies

Experts warn that companies hiring fraudulent remote workers face not only financial losses but also security breaches:

  • Malware installation
  • Backdoor access to sensitive data
  • Intellectual property theft

“Businesses hiring these workers put themselves at risk,” Snyder emphasized.

The North Korean remote worker fraud scheme highlights the growing threat of cyber-enabled fraud and the importance of rigorous background checks for remote employees. As the DOJ intensifies its crackdown, experts warn that businesses must remain vigilant to avoid being exploited.
