The U.S. Justice Department has indicted five individuals, including two Americans, for their involvement in a scheme that enabled North Korean nationals to secure IT jobs with at least 64 U.S. companies. The individuals indicted were North Korean nationals Jin Sung-Il and Pak Jin-Song, Americans Erick Ntekereze Prince and Emanuel Ashtor, and Mexican national Pedro Ernesto Alonso De Los Reyes. The scheme involved using fraudulent identities and documents, such as U.S. passports, to get the North Koreans hired. Once employed, they were able to perform remote work using laptops that had been compromised by the conspirators.
Ntekereze and Ashtor, who ran IT staffing companies, were arrested after an FBI raid uncovered a “laptop farm” at Ashtor’s home. This farm enabled the North Korean workers to appear as if they were based in the U.S. and perform IT work remotely. The scheme ran from April 2018 to August 2024 and generated an estimated $866,255, which was laundered through a Chinese bank account. The indictment also revealed that the conspirators failed to follow proper procedures when setting up the North Korean workers, allowing cybercriminals to exploit their compromised access.
The individuals involved in the scheme face serious charges, including conspiracy to cause damage to protected computers, wire fraud, money laundering, and the transfer of false identification documents. Ntekereze and Ashtor face up to 20 years in prison, with additional charges for Jin and Pak, who are also accused of violating the International Emergency Economic Powers Act. In addition to these arrests, the Justice Department has been working to uncover and shut down similar operations, as part of its “DPRK RevGen: Domestic Enabler” initiative. This initiative aims to disrupt North Korea’s efforts to evade sanctions by exploiting IT jobs in the U.S.
North Korea’s cyber-enabled schemes have been ongoing for several years, with North Korean IT workers being sent to countries like China, Russia, and Southeast Asia to find freelance IT work. The workers can earn substantial salaries, sometimes exceeding $300,000 a year, with a team of IT workers potentially bringing in millions. The majority of these earnings are funneled back to the North Korean government, which withholds up to 90% of the wages. The U.S. Department of Justice continues to focus on disrupting these operations, which not only fund North Korea’s weapons programs but also enable data theft and cyber extortion activities. In recent months, the FBI has noted an increase in North Korean IT workers attempting to extort companies by holding stolen data hostage.