DOJ Cracks Down on North Korean Fraud, Crypto Theft

By Naveen Athrappully
Naveen Athrappully is a news reporter covering business and world events at The Epoch Times.
November 17, 2025 | Updated: January 11, 2026

Four Americans and a Ukrainian national who aided North Korea’s information technology (IT) worker fraud involving U.S. companies pleaded guilty to their crimes, the Department of Justice (DOJ) said in a Nov. 14 statement.

The DOJ was also seeking forfeiture of more than $15 million in cryptocurrencies stolen and laundered by North Korean hackers. These nationwide actions aim to combat illicit revenue generated by the regime.

The North Korean government uses both IT worker fraud and crypto theft to fund its weapons programs and other priorities, violating U.S. sanctions, according to the Justice Department.

The five individuals who pleaded guilty “assisted North Korean actors with obtaining remote IT employment with U.S. companies,” the DOJ stated, adding that the facilitators “provided their own, false, or stolen identities, and hosted U.S. victim company-provided laptops at residences across the United States to create the false appearance that the IT workers were working domestically.”

“In total, these defendants’ fraudulent employment schemes impacted more than 136 U.S. victim companies, generated more than $2.2 million in revenue for the DPRK regime, and compromised the identities of more than 18 U.S. persons,” the DOJ stated, referring to North Korea’s official name, the Democratic People’s Republic of Korea (DPRK).

Three Americans pleaded guilty to one count of wire conspiracy at the U.S. District Court for the Southern District of Georgia. All were accused of assisting the overseas IT workers to pass vetting procedures at various companies. Two of the accused appeared for drug testing on behalf of the overseas workers, according to the DOJ.

Combined, the three duped U.S. companies out of roughly $1.28 million in salary payments, with the majority of the funds being sent overseas.

The fourth American pleaded guilty to one count of wire conspiracy at the U.S. District Court for the Southern District of Florida.

He operated a business that contracted with several companies to supply them with allegedly certified IT workers despite knowing that the workers were outside the United States and that false and stolen identities were being used to gain employment, according to the DOJ. The individual allegedly earned more than $89,000 through the scheme.

The Ukrainian national pleaded guilty in the U.S. District Court for the District of Columbia. In addition to the wire fraud conspiracy, he is also charged with one count of aggravated identity theft.

The individual is accused of stealing the identities of Americans and selling them to IT workers overseas, including those from North Korea, to gain employment at 40 companies in the United States. Companies victimized by the scheme paid hundreds of thousands of dollars.

The DOJ has also filed two civil complaints to forfeit more than $15 million in digital currencies seized by the FBI from North Korean military hacking group Advanced Persistent Threat 38, commonly known as APT38.

The $15 million is the total amount stolen from four separate heists conducted by APT38, according to the Justice Department.

“Efforts to trace, seize, and forfeit related stolen virtual currency remain ongoing, as the APT38 actors continue to launder such funds through various virtual currency bridges, mixers, exchanges, and over-the-counter traders,” the DOJ stated.

Roman Rozhavsky, assistant director for the FBI’s Counterintelligence Division, said, “FBI investigations continue to expose the North Korean government’s relentless campaign to evade U.S. sanctions and generate millions of dollars to fund its authoritarian regime.”

An Oct. 7 analysis from blockchain analytics company Elliptic revealed that North Korean hackers had stolen more than $2 billion in crypto assets during the first nine months of this year.

This figure is roughly three times the 2024 tally, and the largest annual total on record, according to Elliptic. The previous highest annual record was in 2022, when the North Korean hackers stole $1.35 billion in crypto assets.

“The majority of the hacks in 2025 have been perpetrated through social engineering attacks, where hackers deceive or manipulate individuals in order to gain access to cryptocurrency,” Elliptic stated.

Funding Weapons Program

According to an Oct. 22 report from the Multilateral Sanctions Monitoring Team, a mechanism tasked with monitoring actions that evade sanctions as outlined in U.N. Security Council Resolutions, North Korea uses its cyber capabilities to generate revenue for activities such as the development of weapons of mass destruction and ballistic missiles.

Almost all of North Korea’s cybercrime, money laundering, and IT work is conducted under the regime’s supervision, and for the benefit of entities such as the Workers’ Party of Korea, which has been sanctioned by the United Nations, according to the report. The Workers’ Party of Korea is a one-party state system controlled by the family of North Korean leader Kim Jong Un through a hereditary dictatorship.

There is a China connection to these types of incidents. North Korea “relied heavily on access to Chinese infrastructure, financial institutions, and facilitators based in China to conduct IT work and cryptocurrency laundering,” the report stated.

“At least fifteen Chinese banks were found to have been used by the DPRK to launder funds related to IT work or cryptocurrency heists, and DPRK actors relied heavily on over-the-counter traders in China to convert stolen cryptocurrency into fiat currency,” it stated.

Meanwhile, earlier this month, the Department of the Treasury’s Office of Foreign Assets Control sanctioned eight individuals and two entities found to have played a role in laundering funds for North Korean schemes, including cybercrime and IT worker fraud, the Treasury said in a Nov. 4 statement.

According to the Treasury Department, North Korean IT workers are located globally and hide their nationality and identity while doing work, earning hundreds of millions of dollars per year.

“In some instances, DPRK IT workers engage other foreign freelance programmers to establish business partnerships,” the Treasury Department stated.

“They collaborate with these non-North Korean freelance workers on projects which were originally commissioned to those workers and split the revenue.”