U.S. authorities have indicted five people over their alleged involvement in a multi-year scheme that saw them obtain remote IT employment with dozens of American companies.
The Department of Justice on Thursday announced the indictment of North Korean citizens Jin Sung-Il and Pak Jin-Song; Pedro Ernesto Alonso De Los Reyes of Mexico, and U.S. nationals Erick Ntekereze Prince and Emanuel Ashtor.
The DOJ said the FBI arrested Ntekereze and Ashtor, and a search of Ashtor’s home in North Carolina found evidence of a “laptop farm” that hosted company-provided laptops to deceive organizations into thinking they had hired workers based in the U.S.
Alonso was also arrested in the Netherlands after a U.S. warrant was issued.
According to the indictment, Ntekereze and Ashtor allegedly installed remote access software, including Anydesk and TeamViewer, on the company-provided devices, allowing the North Koreans to conceal their locations. The two Americans also provided Jin and Pak with forged identity documents, including U.S. passports and U.S. bank accounts.
The indictment alleges that the defendants gained employment from at least 64 American organizations over the course of the multi-year scheme, which ran from April 2018 through August 2024. These included a U.S. financial institution, a San Francisco-based technology company, and a Palo Alto-headquartered IT organization.
According to the Justice Department, payments from ten of those companies generated at least $866,255 in revenue, most of which was laundered through a Chinese bank account.
“The Department of Justice remains committed to disrupting North Korea’s cyber-enabled sanctions-evading schemes, which seek to trick U.S. companies into funding the North Korean regime’s priorities, including its weapons programs,” Devin DeBacker, supervisory official with the Justice Department’s National Security Division, said in a statement.
Alongside Thursday’s indictments, which come just days after the Treasury Department sanctioned two individuals and four entities for allegedly engaging in similar behavior, the FBI released an advisory warning that North Korean IT workers are increasingly engaging in malicious activity, including data extortion.
The agency said it has observed North Korean IT workers leveraging unlawful access to company networks to “exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime.”
