The US Department of Justice has announced the indictment of five individuals, including two North Korean citizens, for their alleged involvement in a multi-year scheme that saw them obtain remote IT employment with dozens of American companies. The scheme, which ran from April 2018 to August 2024, involved the defendants gaining employment with at least 64 US organizations, including a financial institution, a technology company, and an IT organization.
According to the indictment, the defendants, including Jin Sung-Il and Pak Jin-Song of North Korea, Pedro Ernesto Alonso De Los Reyes of Mexico, and US nationals Erick Ntekereze Prince and Emanuel Ashtor, used forged identity documents and remote access software to conceal their locations and deceive companies into thinking they had hired workers based in the US. The FBI arrested Ntekereze and Ashtor, and a search of Ashtor's home in North Carolina found evidence of a "laptop farm" that hosted company-provided laptops.
The indictment alleges that the defendants installed remote access software, including AnyDesk and TeamViewer, on the company-provided devices, allowing the North Koreans to access and control the devices remotely. The two Americans, Ntekereze and Ashtor, also provided Jin and Pak with forged identity documents, including US passports and US bank accounts, to facilitate the scheme.
The scheme generated at least $866,255 in revenue, most of which was laundered through a Chinese bank account. The Justice Department has stated that the defendants' actions were part of a broader effort by North Korea to evade sanctions and fund its priorities, including its weapons programs.
In a statement, Devin DeBacker, supervisory official with the Justice Department's National Security Division, said, "The Department of Justice remains committed to disrupting North Korea's cyber-enabled sanctions-evading schemes, which seek to trick US companies into funding the North Korean regime's priorities."
The indictment comes just days after the Treasury Department sanctioned two individuals and four entities for allegedly engaging in similar behavior. The FBI has also released an advisory warning that North Korean IT workers are increasingly engaging in malicious activity, including data extortion.
The agency said it has observed North Korean IT workers leveraging unlawful access to company networks to "exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime." The advisory serves as a warning to US companies to be vigilant and take steps to protect themselves from these types of schemes.
The indictment and advisory highlight the growing threat of cyber-enabled fraud and the need for companies to protect themselves proactively. As the US government continues to crack down on North Korea's sanctions-evading activities, it remains to be seen how this will affect the country's cyber operations and the global cybersecurity landscape.