U.S. Charges 14 North Koreans in $88 Million Identity Theft and Extortion Case

The U.S. Department of Justice has indicted 14 North Korean nationals for an $88 million identity theft and extortion scheme, highlighting the growing threat of foreign cyber threats to U.S. companies. The indictment, filed in Missouri federal court, alleges that the conspirators, working for North Korea-controlled companies Yanbian Silverstar and Volasys Silverstar, used false identities to gain employment as remote IT workers for U.S. companies and nonprofit organizations. The scheme generated at least $88 million between April 2017 and March 2023, with some conspirators supplementing their earnings by stealing sensitive company information and threatening to leak it unless the employer made an extortion payment.

The indictment is the latest in a series of actions under a National Security Division initiative launched earlier this year to disrupt North Korea's efforts to generate revenue by duping American companies into hiring its citizens for remote work. The FBI has warned that North Korean IT workers pose a sophisticated and persistent threat, especially to businesses seeking to employ large numbers of contract workers quickly. Companies need to closely vet employees to avoid having their sensitive data stolen and unwittingly funding North Korea's government.



To protect their businesses, companies should thoroughly vet IT workers hired to work remotely. One way to help minimize risk is to insist that current and future IT workers appear on camera as often as possible if they are fully remote. Additionally, companies should be cautious of candidates who refuse to provide personal information or appear hesitant during interviews. Regular background checks and monitoring of employee behavior can also help detect any suspicious activities.

The U.S. government is taking steps to educate businesses about the risks of hiring remote IT workers from high-risk countries. The State Department has announced a reward of up to $5 million for information on these companies, the individuals identified, their illicit activities, and/or those of associated individuals and entities. The identified individuals are Jong Song Hwa, Ri Kyong Sik, Kim Ryu Song, Rim Un Chol, among others.

In conclusion, the indictment of 14 North Korean nationals underscores the need for U.S. companies to enhance their vetting processes for remote IT workers to prevent future infiltration. By staying informed and proactive, businesses can minimize their risk and help combat these threats. Government regulations and industry standards will play a crucial role in mitigating the risk of foreign cyber threats in U.S. companies, and collaboration between the government and private sector is essential to share intelligence and develop effective countermeasures against evolving cyber threats.