Financial Crime World

North Korea’s IT Workers Uncovered in Fraudulent Scheme to Fund Weapons Program

Seized Website Domains Used to Defraud Businesses and Evade Sanctions

The United States government has seized 17 website domains used by Democratic People’s Republic of Korea (DPRK) information technology (IT) workers as part of a scheme to defraud US and foreign businesses, evade sanctions, and fund North Korea’s weapons program. This latest development comes after previous court-authorized seizures of approximately $1.5 million in revenue generated by the same group of IT workers.

How the Scheme Worked

  • Thousands of skilled DPRK IT workers were dispatched to live abroad, primarily in China and Russia, where they deceived US and other businesses into hiring them as freelance IT workers.
  • The IT workers used pseudonymous email accounts, social media platforms, payment services, and online job sites to generate millions of dollars a year for North Korea’s weapons programs.

Seized Domains Designed to Appear Legitimate

The seized website domains were designed to appear as legitimate IT services companies based in the United States, allowing the DPRK IT workers to hide their true identities and location. The group, which works for Yanbian Silverstar Network Technology Co. Ltd. and Volasys Silver Star, had previously been sanctioned by the US Department of the Treasury in 2018.

Income Funneled Back to North Korea

The seized domains are just one aspect of a larger scheme, with the DPRK IT workers funneling income back to North Korea through online payment services and Chinese bank accounts. The FBI is urging U.S. companies to be cautious about who they hire and to verify the identities of remote IT workers to prevent unwittingly funding North Korea’s weapons program.

US Government Efforts to Disrupt Scheme

The US government has been working with private sector partners to disrupt the DPRK IT worker threat, including providing threat information to online freelance work and payment service platforms used by the IT workers. In May 2023, a symposium was held between the US Department of State and the Republic of Korea (ROK) to enhance public-private partnerships to counter the DPRK IT worker threat.

Investigation Ongoing

The National Security Division’s National Security Cyber Section and the U.S. Attorney’s Office for the Eastern District of Missouri are investigating this case, with the FBI’s St. Louis Field Office conducting the investigation.