North Korean nationals indicted in scheme using IT workers to funnel money for weapons programs

ST. LOUIS (AP) — Fourteen North Korean nationals have been indicted in a scheme using information technology workers with false identities to contract with U.S. companies — workers who then funneled their wages to North Korea for development of ballistic missiles and other weapons, the head of the FBI office in St. Louis said Thursday.

The scheme involving thousands of IT workers generated more than $88 million for the North Korean government, Ashley T. Johnson, special agent in charge of the St. Louis FBI office, said at a news conference. In addition to their wages, the workers stole sensitive information from companies or threatened to leak information in exchange for extortion payments, Johnson said.

Victims included defrauded companies and people whose identities were stolen from across the U.S., including Missouri, Johnson said. The indictments were filed Wednesday in U.S. District Court in St. Louis. All 14 people face wire fraud, money laundering, identity theft and other charges.

Most of those accused are believed to be in North Korea. Johnson acknowledged that bringing them to justice will be difficult. To help, the U.S. Department of State is offering a $5 million reward for information leading to any of the suspects.

Federal authorities said the scheme worked like this:

North Korea dispatched thousands of IT workers to get hired and work remotely or as freelancers for U.S. companies. The IT workers involved in the scheme sometimes used stolen identities. In other instances, they paid Americans to use their home Wi-Fi connections, or to pose in on-camera job interviews as the IT workers. Johnson said the FBI is going after those “domestic enablers,” too.

“This is just the tip of the iceberg,” Johnson said. “If your company has hired fully remote IT workers, more likely than not, you have hired or at least interviewed a North Korean national working on behalf of the North Korean government,” Johnson said.

The Justice Department in recent years has sought to expose and disrupt a broad variety of criminal schemes aimed at bolstering the North Korean regime, including its nuclear weapons program.

In 2021, the Justice Department charged three North Korean computer programmers and members of the government’s military intelligence agency in a broad range of global hacks that officials say were carried out at the behest of the regime. Law enforcement officials said at the time that the prosecution highlighted the profit-driven motive behind North Korea’s criminal hacking, a contrast from other adversarial nations like Russia, China and Iran that are generally more interested in espionage, intellectual property theft or even disrupting democracy.

In May 2022, the State Department, Department of the Treasury, and the FBI issued an advisory warning of attempts by North Koreans “to obtain employment while posing as non-North Korean nationals.” The advisory noted that in recent years, the regime of Kim Jong Un “has placed increased focus on education and training” in IT-related subjects.

In October 2023, the FBI in St. Louis announced the seizure of $1.5 million and 17 domain names as part of the investigation. The indictments announced Tuesday were the first stemming from the investigation.

Johnson urged companies to thoroughly vet IT workers hired to work remotely. “One of the ways to help minimize your risk is to insist current and future IT workers appear on camera as often as possible if they are fully remote,” she said.

Salter is responsible for covering news in Missouri, including death penalty coverage, politics and other key issues. He assists with coverage in six other states – Kansas, Nebraska, Iowa, North Dakota, South Dakota and Minnesota.