US Nationals Indicted For Fraudulent Remote IT Work

Uploaded on 2025-02-03 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Justice Department has recently announced the indictment of North Korean nationals Jin Sung-Il and Pak Jin-Song, Mexican national Pedro Ernesto Alonso De Los Reyes, and US nationals Erick Ntekereze Prince and Emanuel Ashtor, for a fraudulent scheme to obtain remote IT work with US companies that generated revenue for the Democratic People’s Republic of Korea (DPRK).

According to the indictment, over the course of their scheme, from approximately April 2018 through August 2024, the defendants and their co-conspirators obtained work from at least sixty-four US companies.

“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evading schemes, which seek to trick US companies into funding the North Korean regime’s priorities, including its weapons programs,” said Supervisory Official Devin DeBacker of the Justice Department's National Security Division.

“FBI investigation has uncovered a years-long plot to install North Korean IT workers as remote employees to generate revenue for the DPRK) regime and evade sanctions,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.

“The indictments announced today should highlight to all American companies the risk posed by the North Korean government. As always, the FBI is available to assist victims of the DPRK. Please reach out to your local FBI field office should you have any questions or concerns.”

Payments from ten of those companies generated at least $866,255 in revenue, most of which the defendants then laundered through a Chinese bank account.

As part of this prosecution, the FBI arrested Ntekereze and Ashtor and executed a search of Ashtor’s residence in North Carolina, where he previously operated a “laptop farm” that hosted victim company-provided laptops to deceive companies into thinking they had hired US-located workers.Alonso was arrested in the Netherlands on Jan. 10, pursuant to an arrest warrant from the United States.

The DPRK has dispatched thousands of skilled IT workers to live abroad, primarily in China and Russia, with the aim of deceiving US and other businesses worldwide into hiring them as freelance IT workers to generate revenue for the regime.

DPRK IT worker schemes involve the use of pseudonymous email, social media, payment platform and online job site accounts, as well as false websites, proxy computers, and witting and unwitting third parties located in the United States and elsewhere.

As described in a May 2022 tri-seal public service advisory released by the FBI, and State and Treasury Departments, such IT workers have been known individually earn up to $300,000 annually, generating hundreds of millions of dollars collectively each year, on behalf of designated entities, such as the North Korean Ministry of Defence and others directly involved in the DPRK’s weapons of mass destruction programs.

According to the indictment, the defendants used forged and stolen identity documents, including US passports containing the stolen personally identifiable information of a US person, to conceal the true identities of Jin, Pak, and other North Korean co-conspirators, so that these North Korean nationals could circumvent sanctions and other laws to obtain employment with US companies.

Ntekereze and Ashtor received laptops from US company employers at their residences, downloading and installing remote access software on them, without authorisation, to facilitate IT worker access and to perpetuate the deception of US companies.

The defendants further conspired to launder payments for the remote IT work through a variety of accounts designed to promote the scheme and conceal its proceeds.

All five defendants are charged with conspiracy to cause damage to a protected computer, conspiracy to commit wire fraud and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification documents. Jin and Pak are charged with conspiracy to violate the International Emergency Economic Powers Act.

If convicted, the defendants face a maximum penalty of 20 years in prison. A federal district court judge will determine the sentence of each defendant after considering the US Sentencing Guidelines and other statutory factors.

Under the Department-wide “DPRK RevGen: Domestic Enabler Initiative,” launched in March 2024 by the National Security Division and the FBI’s Cyber and Counterintelligence Divisions, Department prosecutors and agents are prioritising the identification and shuttering of US-based “laptop farms”, locations hosting laptops provided by victim US companies to individuals they believed were legitimate US-based freelance IT workers, and the investigation and prosecution of individuals hosting them.

The FBI, in conjunction with the State and Treasury Departments, has issued updated guidance, which includes indicators to watch for that are consistent with the North Korea IT worker fraud and the use of US-based laptop farms.

The FBI has recently issued additional guidance regarding extortion and theft of sensitive company data by North Korean IT workers, along with recommended mitigations.

U.S. Dept. of Justice | ic3 | Cyber Scoop

Image: Ideogram

You Might Also Read:

KnowBe4 Duped Into Hiring A North Korean Hacker:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.