The U.S. Department of Justice (DoJ) has indicted five individuals, including two North Korean nationals, one Mexican national, and two U.S. citizens, in connection with a fraudulent scheme involving North Korean IT workers. The scheme, which operated from April 2018 to August 2024, tricked U.S. companies into hiring North Korean workers under false identities.
Key Details of the Scheme
The indictment highlights that at least 64 U.S. companies were affected, with payments from 10 companies generating over $866,000 in revenue. These funds were allegedly laundered through Chinese bank accounts. The workers, mostly from North Korea, circumvented sanctions that prohibit their employment in the U.S. by using stolen U.S. identities and fake documentation.
The U.S. defendants, Erick Ntekereze Prince and Emanuel Ashtor, received company-issued laptops that were shipped to their residences in New York and North Carolina. They installed remote access software on these laptops to allow the North Korean workers to carry out their tasks remotely. This method, known as “laptop farming,” deceived companies into believing their new hires were based in the U.S.
International Involvement
Pedro Ernesto Alonso De Los Reyes, a Mexican national, is also implicated in the scheme. In one instance, a North Korean operator used Alonso’s identity to secure a job at a U.S. IT company. Prince’s and Ashtor’s homes became hubs for receiving and modifying the laptops, enabling the remote workers to gain unauthorized access to company systems.
Broader Scope of the Scheme
This indictment is part of a broader effort to combat North Korea’s attempts to funnel illicit revenue into the country’s missile program. The DoJ stated that North Korean IT workers have been using fraudulent means to gain employment worldwide, including in the U.S. The scheme also involved cybercriminal activities, such as data extortion, theft of proprietary company data, and financial fraud.
Recent Developments
Three of the five indicted individuals have been arrested, with Alonso arrested in the Netherlands on January 10, 2025. Jin Sung-Il and Pak Jin-Song, both North Korean nationals, remain at large. If convicted, the defendants face up to 20 years in prison.
Impact on U.S. Cybersecurity
The FBI has warned that North Korean IT workers pose a significant risk to U.S.-based businesses. Beyond financial fraud, these workers have been implicated in cybercrimes, including the theft of sensitive data and of code repositories from platforms like GitHub, and the use of stolen credentials to infiltrate company networks. Companies have been urged to tighten their hiring processes to prevent similar incidents, including conducting more thorough background checks and limiting remote hiring practices.
Ongoing Investigations
This case follows a series of similar arrests and indictments related to North Korean cybercrimes. The U.S. Treasury Department has also sanctioned individuals and entities connected to the scheme. Despite these efforts, experts believe that North Korea’s IT worker scam continues to expand globally, using increasingly aggressive tactics to exploit vulnerabilities in remote work systems.