IT worker scheme uses U.S. companies to fund North Korean nuclear weapons program

ST. LOUIS – Fourteen people are accused of helping fund North Korea’s nuclear weapons program.

Ashley T. Johnson, the Special Agent in Charge of the FBI's St. Louis Division, believes that Thursday's federal indictment is just the beginning.

"The North Korean government has dispatched thousands of their IT workers to try and get them hired as remote freelancers or software engineers within U.S. companies," she said.

The new federal indictment filed Thursday says the suspects used stolen, borrowed, or purchased U.S. identities to get remote IT work. The workers are then accused of sending money to Chinese-based banks for use by North Korea. In some instances, defendants are accused of extorting payments from employers after getting access to sensitive business information.

During a six-year period, the group is accused of using and possessing hundreds of U.S. identities and generating $88 million in revenue for North Korea.

While the business victims mentioned in the indictment are not located in St. Louis, there was a key piece of evidence found in our region.

The indictment says one of the defendants had recruited someone to buy a laptop and install a remote access program, allegedly to make it appear the worker was in the U.S. That laptop was located in St. Louis. The indictment says the laptop was used in 2021 to transfer money to one of the other defendants.

The FBI says the identities being used to get the jobs were likely stolen on the dark web, but others were given voluntarily by people in the U.S. called domestic enablers.

"I think it can be motivated by a number of things. I think it can be motivated by money. A lot of individuals, it's unbeknownst to them. Their identities have been stolen," Johnson said.

It is unclear if the laptop in St. Louis is connected to an identity theft victim or a domestic enabler. And since the suspects are not believed to be in the U.S., it is unclear if they will ever actually see a courtroom.

"By indicting these individuals and making companies aware of how they can safeguard themselves, as well as our citizens, how they may be able to safeguard themselves if their identity is stolen helps us protect our national security," Johnson said.

Johnson warned companies to fully vet applicants for remote IT positions.

“If your company has hired fully remote IT workers, more likely than not, you have hired or at least interviewed a North Korean national working on behalf of the North Korean government,” she said.

The FBI is offering $5 million for information leading to the location of any of these suspects.

This recent indictment is part of an ongoing effort by the United States to combat similar schemes. Last year, the FBI in St. Louis says it seized several internet domain names linked to investigations into North Korean IT workers.