The U.S. Department of Justice (DOJ) announced charges on Thursday against five individuals involved in a fraudulent scheme. The defendants helped North Korean nationals pose as remote IT workers, generating revenue for the North Korean government.
Key Defendants and Charges
Among the five charged are North Korean nationals Jin Sung-Il and Pak Jin-Song, along with Mexican national Pedro Ernesto Alonso De Los Reyes, and U.S. citizens Erick Ntekereze Prince and Emanuel Ashtor. The DOJ’s move follows similar actions, including recent sanctions imposed by the Treasury Department.
The scheme lasted from April 2018 to August 2024. During that time, the defendants helped North Koreans infiltrate over 60 U.S. companies. The group collected at least $866,255 from these businesses, funneling the payments through Chinese bank accounts to hide the funds’ true origin.
How the Scheme Worked
The defendants used stolen identities and forged documents to conceal the identities of the North Korean operatives. These fake credentials, including U.S. passports, allowed the operatives to land remote IT jobs with American companies. Ntekereze and Ashtor set up a “laptop farm” in North Carolina, where they hosted company laptops, allowing the fake workers to remotely access and control them.
The group’s goal was to fund North Korea’s military programs. By posing as legitimate workers, the North Korean operatives contributed to evading U.S. sanctions.
FBI’s Investigation and Arrests
The FBI arrested Ntekereze and Ashtor after raiding Ashtor’s North Carolina home, which served as the operation’s base. Alonso was arrested in the Netherlands earlier this month. The charges against the five include conspiracy to damage protected computers, conspiracy to commit wire fraud, and conspiracy to launder money. Each faces up to 20 years in prison if convicted.
Broader U.S. Efforts Against North Korea’s Cyber Operations
The DOJ’s recent actions are part of a larger effort to counter North Korea’s cyber schemes. Last week, the Treasury Department imposed sanctions on entities linked to similar operations. The DOJ also indicted 14 North Koreans in December 2024 for generating $88 million through similar tactics over six years.
Michael Barnhart, principal analyst at Mandiant, emphasized the growing risks for U.S. companies. He said North Korean IT workers are becoming more aggressive in their methods, often targeting larger organizations to steal sensitive data or extort ransom. Barnhart stressed the need for businesses to be vigilant and protect themselves against these growing threats.
