Fourteen North Koreans have been indicted for their roles in a long-running scam in which they stole the identities of U.S. citizens, illegally obtained jobs at U.S. companies and made tens of millions of dollars, which they allegedly brought back to Pyongyang. The indictment, handed down in federal court in Missouri on Wednesday, charged the gang with wire fraud, money laundering and identity theft crimes between April 2017 and March 2023.
Over those six years, the 14 men earned at least $88 million by working as IT staff for U.S. companies and nonprofits. The men were ordered to earn more than $10,000 a month, with several holding multiple jobs and supplementing their income by stealing sensitive company information.
The Justice Department did not respond to a request for comment on how the $88 million figure was calculated. If accurate, that would mean each worker earned about $1 million per year.
The indictments follow multiple actions by U.S. authorities and companies over the past two years to stop similar activity.
In addition to wages, several of the workers successfully extorted the companies that employed them, threatening to leak proprietary source code and other information unless they received a one-time payment. The Justice Department said at least one company "suffered hundreds of thousands of dollars in losses after rejecting extortion demands from a co-conspirator who subsequently publicly released the employer's proprietary information."
These 14 people worked for companies controlled by North Korea and registered in China and Russia. The two companies were named Yanbian Silverstar and Volasys Silverstar respectively. Through the two companies, the individuals "conspired to use false, stolen and borrowed identities of Americans and others to conceal their North Korean identities and foreign locations."
The two companies employ at least 130 North Korean IT workers - known locally as "IT warriors".
"To support its brutal regime, the North Korean government directed IT workers to fraudulently obtain employment, steal sensitive information from U.S. companies, and siphon funds back into North Korea," said U.S. Deputy Attorney General Lisa Monaco. "This indictment of 14 North Korean nationals exposes their alleged evasion of sanctions and should serve as a warning to companies around the world to be wary of this malign activity by the North Korean regime."
If convicted, the defendants each face up to 27 years in prison. It's unclear where the individuals are located, but Justice Department officials have previously said other members of the IT worker program were based in North Korea, China and Russia, using U.S. citizens who conspired to run laptop farms as conduits to make it appear they were in the United States.
The U.S. State Department and FBI are offering a $5 million reward for information about the 14 men.
Bryan Vorndran, assistant director of the FBI's Cyber Division, said U.S. companies and Americans whose identities were stolen were "victims" of the scheme, and U.S. Attorney Sayler Fleming added that the activity was particularly harmful to "businesses seeking to hire large numbers of contract workers quickly."
"North Korean IT employees continue to find ways to evade detection, so companies need to rigorously vet their employees to avoid sensitive data being stolen and unknowingly funding the North Korean government," Fleming said.
The Justice Department noted that the gang of 14 North Koreans was one of "several" groups that generated revenue for the North Korean government through the IT worker program. As part of the indictment, the Justice Department seized $320,000 and $444,800 from two bank accounts associated with the scheme.
Previously, the Justice Department also seized $1.5 million and shut down dozens of Internet domains that workers used to provide false credentials to potential employers. North Korean actors are able to leverage a range of technical tools - from fake email addresses to fake social media accounts and fictitious employment verification - to fuel this activity.
The Justice Department found that some companies even paid U.S. citizens to attend job interviews or meetings in person under false identities. But prosecutors said companies should have paid more attention to glaring errors, including addresses and phone numbers that didn't match the businesses and poor English on reference websites and resumes.
The Justice Department said that thanks to high salaries for U.S. IT employees, the North Korean group "collectively generates hundreds of millions of dollars in revenue annually on behalf of designated entities such as North Korea's Department of Defense and other entities directly involved in North Korea's United Nations-banned weapons of mass destruction programs."
Yanbian Silverstar and Volasys Silverstar allegedly held competitions among workers to see who could earn the most, paying bonuses to the winners. Some North Koreans have worked for U.S. companies for years, earning hundreds of thousands of dollars.
FBI Special Agent in Charge Ashley Johnson pointed out that the 14 people indicted were "just the tip of the iceberg."
"The North Korean government has trained and deployed thousands of IT employees and is executing the same scheme against U.S. companies every day. Protect your business by thoroughly vetting your fully remote IT workforce. One way to help minimize the risk is to insist that current and future IT employees be on camera as often as possible if they are operating fully remotely," she said.