A federal court in St. Louis, Missouri, has indicted 14 North Koreans for orchestrating long-running schemes to evade US sanctions and commit cyber crimes.
The group is alleged to have been operating under North Korean-controlled companies Yanbian Silverstar in China and Volasys Silverstar in Russia. The DOJ says members used stolen or false identities to secure employment with US companies as remote IT workers.
Six-Year Cyber Fraud Operation
The indictment alleges the conspirators earned at least $88 million over six years by:
- Using stolen identities to secure jobs.
- Extorting employers by threatening to leak proprietary data.
- Remitting earnings through US and Chinese financial systems to benefit North Korea’s regime.
These schemes were part of broader efforts by North Korea to funnel IT earnings into the government’s coffers, often for its weapons programs.
Looking for a job? Visit whatjobs.com today
Sanctions Evasion Tactics
To mask their identities, the conspirators used:
- Fake websites with nonsensical content to create false credibility.
- Proxy systems and US-based laptops to mimic domestic workers.
- US intermediaries to receive and forward employer-provided equipment.
In some cases, they leveraged stolen corporate information to extort additional payments, causing significant financial losses to employers.
North Korea’s IT Workforce Strategy
According to the Department of Justice (DOJ), North Korea has deployed thousands of skilled IT workers globally to earn income while avoiding detection.
These workers, referred to as “IT Warriors,” often earn up to $300,000 annually by securing remote jobs with international companies.
Competitions within organizations like Yanbian Silverstar rewarded employees who generated the most revenue. The funds were then channeled back to North Korea, circumventing sanctions.
Hiring? Post jobs for free with WhatJobs
Government and Industry Warnings
Deputy Attorney General Lisa Monaco said:
“To prop up its brutal regime, the North Korean government directs IT workers to gain employment through fraud, steal sensitive information from U.S. companies, and siphon money back to the DPRK.
“This indictment of 14 North Korean nationals exposes their alleged sanctions evasion and should serve as a warning to companies around the globe — be on alert for this malicious activity by the DPRK regime.”
Crackdown on North Korean Cybercrime
The indictment follows a two-year DOJ initiative aimed at disrupting these operations. Actions to date include:
- Seizures of over $2.26 million and 29 internet domains linked to the schemes.
- Ongoing investigations into additional North Korean groups using similar tactics.
Need Career Advice? Get employment skills advice at all levels of your career
Rewards for Information
The State Department has announced a reward of up to $5 million for information on these conspirators or associated entities. The identified individuals include senior leaders and IT workers within Yanbian Silverstar and Volasys Silverstar.
Key Takeaways for Businesses
With North Korea’s IT schemes becoming increasingly sophisticated, US companies are advised to:
- Conduct rigorous identity checks during hiring.
- Monitor unusual employee activity, especially among remote workers.
- Strengthen cybersecurity measures to protect sensitive data.
This indictment underscores the persistent threat posed by North Korean cyber actors and the importance of international collaboration in combating such schemes.