US: These 14 North Koreans Posed as Remote IT Workers, Stole $88 Million

The US has identified and exposed 14 North Korean nationals for allegedly posing as remote IT workers to trick employers into hiring them. 

On Thursday, the Justice Department announced it had indicted the North Koreans for using fake, stolen, or borrowed identities from real Americans to help them obtain jobs at US companies and nonprofits since at least 2017. The suspects “generated at least $88 million throughout the approximately six-year conspiracy,” the DOJ says. Their North Korean bosses often ordered them to earn at least $10,000 per month.

The suspects not only worked IT jobs but also stole confidential data, including source code, from their employers, with the goal of financial extortion. The income was then used to fund the North Korean government, which continues to face strict sanctions from the US.

“In some instances, US employers unwittingly employed North Korean IT workers for years and paid them hundreds of thousands of dollars in salary,” the Justice Department says. 

(Credit: FBI)

The indictment shows that the FBI unraveled some of the covert schemes and identified specific perpetrators. Investigators say all 14 suspects worked as staffers or senior leaders for two North Korean companies, Yanbian Silverstar and Volasys Silverstar, which the US already sanctioned. 

According to the 34-page indictment, some of the suspects were ordered in early 2021 to use the stolen personal information from 188 US-based people to pull off the scheme. 

In other instances, real Americans helped the North Koreans dupe their employers. The Justice Department notes that the suspects sometimes paid US-based people to attend job interviews and work meetings using fake aliases. At other times, the North Koreans enlisted US-based accomplices to receive laptops from the employers. “After these laptops were set up, the conspirators instructed the US persons to install software that allowed them to access the laptops from overseas,” the Justice Department says. 

Despite the indictment, the FBI warns that the North Korean government has trained and deployed “thousands of IT workers” to perpetrate the scheme. For example, Yanbian Silverstar and Volasys Silverstar collectively employed at least 130 North Korean IT workers.

As a result, the US is urging employers to fully vet remote employees before hiring them. “One of the ways to help minimize your risk is to insist current and future IT workers appear on camera as often as possible if they are fully remote,” said FBI Special Agent in Charge Ashley Johnson of the St. Louis field office. 

The US is also offering rewards for information about the 14 indicted North Korean nationals who’ve been known to work out of North Korea and China. Rewards will also be given for details about any other covert North Korean IT worker schemes.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

About Michael Kan

Senior Reporter

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.

Read Michael’s full bio

Read the latest from Michael Kan