Don t panic, but the remote IT person at your company might be working for North Korea

Get the Full StoryRemote work might be the way of the future but according to the U.S. Department of Justice, that remote IT person at your company could be a North Korean national, and the money you pay him or her might go straight back to their home country, the Democratic People s Republic of Korea, or DPRK. According to the DOJ, two North Korean nationals, two U.S. Nationals, and one man from Mexico were indicted on Jan. 23 on charges they ran a multiyear laptop farm in the United States, through which North Korea s Jin Sung-Il and Pak Jin-Song obtained remote IT work with at least 64 U.S. companies, generating nearly 900,000 in revenue for the DPRK while evading sanctions. Erick Ntekereze Prince and Emanuel Ashtor, both from the U.S., and Pedro Ernesto Alonso De Los Reyes, from Mexico, were also indicted for their role in facilitating the scam. American laptops, DPRK workers Read the FBI s new PSA on North Korean IT workers illegally obtaining remote jobs with U.S. companies to generate profit for North Korea. Recently, these workers have leveraged their unlawful access to steal data and extort companies: https: t.co 8QEf3NQacn pic.twitter.com Kg0Pa2sFMq FBI FBI January 24, 2025 via FBI X According to the DOJ, the five men indicted scammed American companies between 2018 and 2024. The companies provided the laptops, thinking they d hired American workers, but in fact, the laptops resided in so-called laptop farms, in this case, in North Carolina. The DPRK knowingly sends workers to other countries, most often Russia or China, who then get hired as freelance IT workers and remotely access those laptops. A Chinese bank then launders the money they re paid, directly funding the DPR and the Kim Jong Un regime, including the DPRK s weapons of mass destruction programs. The DOJ says fraudulent DPRK IT employees have earned up to 300,000 a year, and various laptop farm schemes have generated hundreds of millions for North Korea. The hiring companies all provided fake email addresses, social media accounts, online job site accounts, and more. The IT workers in this case used stolen or assumed U.S. identities to secure the work. The indictments announced today should highlight to all American companies the risk posed by the North Korean government, the FBI s Cyber Division s Assistant Director Bryan Vorndran said, referring to the most recent case, adding, As always, the FBI is available to assist victims of the DPRK. Please reach out to your local FBI field office should you have any questions or concerns. Post-COVID, the problem got worse Through the Rewards for Justice program, the U.S. Department of State is offering up to a 5 million for information on a North Korean IT workers ring. They used stolen identities to work for U.S. companies and launder their salaries back to North Korea.https: t.co TQmlNPZa1t pic.twitter.com 4upAhpr8oy FBI FBI December 26, 2024 According to John Hultquist, head of threat intelligence at the cybersecurity firm Mandiant, the shift to remote work around the world and gig economy jobs in general have left U.S. companies particularly vulnerable to such scams. FBI special agent Jay Greenberg told the AP if your company has hired a remote IT professional, then at some point, it has more than likely hired a North Korean national working under an assumed identity. At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities, Greenberg said. Cybersecurity expert Hultquist added, I think the post-COVID world has created a lot more opportunity for them because freelancing and remote hiring are a far more natural part of the business than they were in the past.

Share: