AI Incident Database

Report 5371

Associated Incidents

Incident 111841 Report
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers

Court indicts 14 North Korean IT workers tied to $88 million in illicit gains
cyberscoop.com · 2024

A federal court has indicted 14 more North Korean IT workers as part of an ongoing U.S. government campaign to crack down on Pyongyang's use of tech professionals to swindle American companies and nonprofits.

The Justice Department said the 14 indicted workers generated at least $88 million throughout a conspiracy that stretched over approximately six years, ending in March 2023. North Korea-controlled companies in China and Russia (Yanbian Silverstar and Volasys Silverstar, respectively) used the so-called "IT Warriors" to obtain false U.S. identities, pose as employees doing remote IT work in the United States and transfer funds from their employers to eventually end up in the hands of the North Korean government, according to the indictment.

"When the defendants gained access to a U.S. employer's sensitive business information, the defendants in some instances extorted payments from the employer by threatening to release, and in some cases releasing, that sensitive information online," per the indictment, which the DOJ publicized Thursday.

The U.S. District Court of the Eastern Division of Missouri handed down the indictment. In addition to the indictment, the State Department announced rewards of up to $5 million for individuals and companies involved in the scheme.

"Yesterday's indictment is the latest in a series of actions under a National Security Division initiative launched earlier this year to disrupt North Korea's efforts to generate revenue by duping American companies into hiring its citizens for remote work," said Assistant Attorney General Matthew Olsen of the Justice Department's National Security Division. "This indictment and associated disruptions highlight the cybersecurity dangers associated with this threat, including theft of sensitive business information for the purposes of extortion."

The Justice Department has repeatedly targeted this specific group of alleged conspirators in an attempt to disrupt them, including court-authorized seizures of a collective $764,800 via two orders unsealed Thursday, in addition to seizures of more money and internet domains the DOJ said the group used to appeal to prospective employers.

But it's also sought to combat the broader trend of North Korea using its IT workers for nefarious purposes, including via arrests and alerts with other federal agencies.

The charged workers' names are Jong Song Hwa, Ri Kyong Sik, Kim Ryu Song, Rim Un Chol, Kim Mu Rim, Cho Chung Pom, Hyon Chol Song, Son Un Chol, Sok Kwang Hyok, Choe Jong Yong, Ko Chung Sok, Kim Ye Won, Jong Kyong Chol and Jang Chol Myong.

Michael Barnhart, who leads Mandiant's North Korea threat hunting team, told CyberScoop after the indictment was announced that threat actors have recently become more dangerous since gaining employment at Western organizations.

"For the first time, we're seeing IT workers follow through on releasing sensitive data of organizations they've infiltrated to pressure victims into paying exorbitant ransoms," he said.  "They're also demanding more cryptocurrency than they ever have before. We assess that the heightened media attention and ongoing government disruptions targeting their cyber operations this past year are forcing an escalation in their tactics."

You can read the full indictment here.
