In a major offensive against North Korea's illicit cybercrime operations, the U.S. Justice Department announced a series of coordinated actions aimed at crippling the regime's ability to generate revenue through the exploitation of American tech companies. This initiative, spearheaded by the National Security Division and the FBI's Cyber and Counterintelligence Divisions, focuses on dismantling deceptive practices that enable the Democratic People’s Republic of Korea (DPRK) to fund its weapons programs.
The actions, revealed in a recent press release, include the arrest of a Maryland man accused of participating in a scheme to help North Korean hackers gain remote IT jobs at U.S. firms under false identities. The FBI also seized control of a dozen website domains employed by North Korean cyber operatives to disguise their true identities and locations when seeking freelance tech work.
"Today's announcement reveals the complex web of deception and facilitators that is central to the North Korean regime's schemes to evade sanctions and finance its weapons program," said Matthew G. Olsen, the assistant attorney general for national security.
Details of the Scheme
According to court documents, North Korea has deployed thousands of skilled IT workers abroad, primarily in China and Russia. These workers deceive businesses worldwide into hiring them as freelance IT professionals, generating significant revenue for North Korea’s weapons of mass destruction (WMD) programs. They employ pseudonymous email addresses, social media profiles, payment platforms, and online job site accounts, along with false websites and proxy computers to conceal their identities. Once embedded at a company, the hackers funnel their earnings back to North Korea through online payment services and Chinese bank accounts.
A public service advisory issued in May 2022 by the FBI, Department of the Treasury, and Department of State highlighted that these IT workers can earn up to $300,000 annually, collectively bringing in hundreds of millions of dollars each year for North Korean entities involved in WMD programs.
Recent Enforcement Actions
The District of Maryland recently led enforcement actions against Minh Phuong Vong of Bowie, Maryland, who was arrested for allegedly aiding overseas IT workers in securing remote IT positions at U.S. companies using his identity. The FBI also executed a search at Vong’s residence, uncovering a scheme where remote IT workers based overseas posed as Vong to perform his job duties at U.S. companies, including those providing services to the U.S. government.
In the Eastern District of Missouri, the Justice Department seized 12 website domains used by DPRK IT workers to obscure their true identities when applying for remote work. These IT workers were associated with the PRC-based Yanbian Silverstar Network Technology Co. Ltd. and the Russia-based Volasys Silver Star, both sanctioned in 2018. They funneled income from their fraudulent IT work back to North Korea via online payment services and Chinese bank accounts.
U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri remarked, “Shutting down these websites is just one of the ways we are working to disrupt the flow of money to the North Korean weapons program. The business community can do their part by carefully vetting their online hires.”
Rewards for Information
The U.S. Department of State is offering rewards of up to $5 million for information that aids international efforts to disrupt North Korea’s illicit activities, particularly those involving individuals sent abroad to generate funds for the DPRK government.