The U.S. Department of Justice (DOJ) has revealed an extensive scheme in which North Korean IT workers infiltrated over 300 U.S. companies by posing as remote freelancers, earning millions of dollars in the process. This operation, facilitated by collaborators in the United States, aimed to siphon money and sensitive information to support North Korea’s regime, including its nuclear weapons program.

The DOJ’s investigation led to the unsealing of charges and court-authorized actions to disrupt these illicit activities. The charges include prosecutions against an Arizona woman, a Ukrainian man, and three unidentified foreign nationals. These individuals are accused of participating in schemes that enabled North Korean IT workers to pose as U.S. citizens and residents to infiltrate domestic companies.

“Today’s announcement of charges and law enforcement action show our broad approach to attacking funding sources for North Korea across the United States,” said U.S. Attorney Matthew Graves for the District of Columbia.

The operation involved facilitators, often referred to as “mules,” who managed fake identities, handled job interviews, and conducted drug tests on behalf of the North Korean workers. One facilitator, a Ukrainian national, managed around 870 identities and hosted nearly 80 computers, earning over $900,000 in six years.

The workers, often highly skilled and operating under strict oversight, engaged in activities such as cryptojacking, targeting security researchers, and launching other cyberattacks to fund the regime.

The scheme defrauded over 300 U.S. companies across various industries, including several Fortune 500 companies. The identities of more than 60 U.S. persons were compromised, resulting in significant financial and security implications.

“Using the stolen identities of U.S. citizens is a crime by itself, but when you use those identities to procure employment for foreign nationals with ties to North Korea at hundreds of U.S. companies, you have compromised the national security of an entire nation,” said Chief Guy Ficco of IRS-CI.

Two defendants have been arrested, and related seizures and search warrants have been executed in various locations, including Washington, D.C. and Poland. The DOJ also seized illicitly obtained wages and a website domain used in the operation.

“The charges in this case should be a wake-up call for American companies and government agencies that employ remote IT workers,” said Principal Deputy Assistant Attorney General Nicole Argentieri.

This scheme highlights North Korea’s continued efforts to evade international sanctions and fund its activities through cyber operations. The FBI and other agencies have reiterated the importance of robust identity verification processes for remote workers to prevent such infiltrations.

“By stealing the identities of American citizens to commit fraud, they obtained proceeds which likely helped fund the North Korean regime’s priorities, including nuclear weapons programs,” said Larissa Knapp, executive assistant director of the FBI’s National Security Branch.

Information for this briefing was found via DOJ and the sources mentioned. The author has no securities or affiliations related to this organization. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.